arazzo: 1.0.1
info:
  title: Cloudflare Toggle WAF Setting
  summary: Read the zone WAF setting, change it, then read it back to confirm.
  description: >-
    The zone-level Web Application Firewall setting turns Cloudflare's managed
    WAF on or off for the zone. The workflow reads the current WAF setting,
    changes it to the requested value, and reads it back to confirm the change
    took effect. Each step inlines its request and asserts both the documented
    HTTP 200 status and the Cloudflare {success, result} envelope flag.
  version: 1.0.0
sourceDescriptions:
- name: cloudflareZonesApi
  url: ../openapi/cloudflare-zones--openapi-original.yml
  type: openapi
workflows:
- workflowId: toggle-waf-setting
  summary: Read, change, and re-read the zone WAF setting.
  description: >-
    Reads the current Web Application Firewall setting, changes it to the
    supplied value, and reads it back to confirm the change.
  inputs:
    type: object
    required:
    - zoneId
    - value
    properties:
      zoneId:
        type: string
        description: The unique identifier of the zone.
      value:
        type: string
        description: The desired WAF setting state (on or off).
  steps:
  - stepId: getWafSetting
    description: Read the current zone WAF setting before changing it.
    operationId: zone-settings-get-web-application-firewall-(-waf)-setting
    parameters:
    - name: zone_id
      in: path
      value: $inputs.zoneId
    successCriteria:
    - condition: $statusCode == 200
    - context: $response.body
      condition: $.success == true
      type: jsonpath
    outputs:
      previousValue: $response.body#/result/value
  - stepId: changeWafSetting
    description: Change the zone WAF setting to the requested value.
    operationId: zone-settings-change-web-application-firewall-(-waf)-setting
    parameters:
    - name: zone_id
      in: path
      value: $inputs.zoneId
    requestBody:
      contentType: application/json
      payload:
        value: $inputs.value
    successCriteria:
    - condition: $statusCode == 200
    - context: $response.body
      condition: $.success == true
      type: jsonpath
    outputs:
      newValue: $response.body#/result/value
  - stepId: verifyWafSetting
    description: Read the WAF setting back to confirm the change was applied.
    operationId: zone-settings-get-web-application-firewall-(-waf)-setting
    parameters:
    - name: zone_id
      in: path
      value: $inputs.zoneId
    successCriteria:
    - condition: $statusCode == 200
    - context: $response.body
      condition: $.success == true
      type: jsonpath
    - context: $response.body
      condition: $.result.value == $inputs.value
      type: jsonpath
    outputs:
      confirmedValue: $response.body#/result/value
  outputs:
    previousValue: $steps.getWafSetting.outputs.previousValue
    confirmedValue: $steps.verifyWafSetting.outputs.confirmedValue