chore(deps): update terraform cloudflare to v4 (!357) · Merge requests · Arcturus Lab / Cluster

Dylan Smith requested to merge renovate/cloudflare-4.x into trunk Apr 21, 2024

This MR contains the following updates:

Package	Type	Update	Change
cloudflare (source)	required_provider	major	`3.18.0` -> `4.42.0`

⚠ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cloudflare/terraform-provider-cloudflare (cloudflare)

`v4.42.0`

Compare Source

FEATURES:

New Resource: cloudflare_zero_trust_gateway_certificate (#3547)

ENHANCEMENTS:

resource/cloudflare_notification_policy: add support for image_notification alert type (#3981)
resource/cloudflare_access_group: Added description strings to all rule types (#3792)
resource/cloudflare_bot_management: Add support for ai_bots_protection settings (#3960)
resource/cloudflare_record: remove internal references to deprecated ZoneID and ZoneName fields (#4018)
resource/cloudflare_workers_script: Add support for hyperdrive binding type (#3821)
resource/cloudflare_zone_settings_override: Add optional setting replace_insecure_js (#3602)
resource/rulesets: add cache_reserve terraform support and fix typo (#3923)
resource/zero_trust_gateway_settings: Add missing disable_for_time example field (#3931)

BUG FIXES:

resource/cloudflare_access_application: fix the name of the new resource to use when upgrading (#4044)
resource/cloudflare_access_application: reconcile access application custom attributes logic (#3987)
resource/cloudflare_hyperdrive_config: fix bug when calling passing Hyperdrive config ID to update method (#4042)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.32 (#3892)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.32 to 1.27.33 (#3901)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.30 to 1.17.31 (#3892)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.31 to 1.17.32 (#3901)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.0 to 1.61.1 (#3892)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.1 to 1.61.2 (#3901)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.30.4 to 1.30.5 (#3892)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.33 to 1.27.34 in the aws group (#4020)
provider: bump github.com/cloudflare/cloudflare-go from 0.103.0 to 0.104.0 (#3974)
provider: bump golang.org/x/net from 0.28.0 to 0.29.0 (#3911)

`v4.41.0`

Compare Source

NOTES:

resource/cloudflare_logpush_job: Deprecate frequency in favour of max_upload_interval_seconds (#3745)
resource/cloudflare_record: remove deprecated zone_name field (#3855)

FEATURES:

New Data Source: cloudflare_dcv_delegation (#3885)
New Resource: cloudflare_cloud_connector_rules (#3622)

ENHANCEMENTS:

resource/cloudflare_device_posture_rule: Modify Tanium's eid_last_seen field to be relative instead of a timestamp value (#3764)
resource/cloudflare_teams_account: Add disable_for_time attribute (#3526)
resource/cloudflare_waiting_room: Add enabled_origin_commands field. (#3805)
resource/rulesets: add "contains" support to custom cache key headers (#3820)

BUG FIXES:

resource/cloudflare_access_mutual_tls_certificate: change associated hostnames to a set (#3498)
resource/cloudflare_access_policy: Fix forcing new access policies when account id is not set through import (#3358)
resource/cloudflare_record: Suppress matching ipv6 dns record (#3888)
resource/cloudflare_record: handle scenarios where content and value are both being set in state and erroneously always thinking the content field is the source of truth (#3776)
resource/cloudflare_zero_trust_access_group: Fix false deprecation warnings (#3740)
resource/cloudflare_zone_settings_override: fix migration process with nil initial_settings (#3829)
resource/hyperdrive_config: use hyperdrive_config id when updating resource (#3704)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.27 to 1.27.31 (#3801)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.27 to 1.17.30 (#3801)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.58.3 to 1.60.1 (#3801)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.30.3 to 1.30.4 (#3801)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.60.1 to 1.61.0 in the aws group (#3823)
provider: bump github.com/cloudflare/cloudflare-go from 0.101.0 to 0.102.0 (#3713)
provider: bump github.com/cloudflare/cloudflare-go from 0.102.0 to 0.103.0 (#3824)

`v4.40.0`

Compare Source

NOTES:

resource/cloudflare_access_application: deprecated in favour of cloudflare_zero_trust_access_application and will be removed in the next major version. (#3584)
resource/cloudflare_access_ca_certificate: deprecated in favour of cloudflare_zero_trust_access_short_lived_certificate and will be removed in the next major version. (#3584)
resource/cloudflare_access_custom_page: deprecated in favour of cloudflare_zero_trust_access_custom_page and will be removed in the next major version. (#3584)
resource/cloudflare_access_group: deprecated in favour of cloudflare_zero_trust_access_group and will be removed in the next major version. (#3584)
resource/cloudflare_access_identity_provider: deprecated in favour of cloudflare_zero_trust_access_identity_provider and will be removed in the next major version. (#3584)
resource/cloudflare_access_keys_configuration: deprecated in favour of cloudflare_zero_trust_access_key_configuration and will be removed in the next major version. (#3584)
resource/cloudflare_access_mutual_tls_certificate: deprecated in favour of cloudflare_zero_trust_access_mtls_certificate and will be removed in the next major version. (#3584)
resource/cloudflare_access_mutual_tls_hostname_settings: deprecated in favour of cloudflare_zero_trust_access_mtls_hostname_settings and will be removed in the next major version. (#3584)
resource/cloudflare_access_organization: deprecated in favour of cloudflare_zero_trust_organization and will be removed in the next major version. (#3584)
resource/cloudflare_access_policy: deprecated in favour of cloudflare_zero_trust_access_policy and will be removed in the next major version. (#3584)
resource/cloudflare_access_service_token: deprecated in favour of cloudflare_zero_trust_access_service_token and will be removed in the next major version. (#3584)
resource/cloudflare_access_tag: deprecated in favour of cloudflare_zero_trust_access_tag and will be removed in the next major version. (#3584)
resource/cloudflare_device_dex_test: deprecated in favour of cloudflare_zero_trust_dex_test and will be removed in the next major version. (#3584)
resource/cloudflare_device_managed_networks: deprecated in favour of cloudflare_zero_trust_device_managed_networks and will be removed in the next major version. (#3584)
resource/cloudflare_device_policy_certificates: deprecated in favour of cloudflare_zero_trust_device_certificates and will be removed in the next major version. (#3584)
resource/cloudflare_device_posture_integration: deprecated in favour of cloudflare_zero_trust_device_posture_integration and will be removed in the next major version. (#3584)
resource/cloudflare_device_posture_rule: deprecated in favour of cloudflare_zero_trust_device_posture_rule and will be removed in the next major version. (#3584)
resource/cloudflare_device_settings_policy: deprecated in favour of cloudflare_zero_trust_device_profiles and will be removed in the next major version. (#3584)
resource/cloudflare_dlp_custom_profile: deprecated in favour of cloudflare_zero_trust_dlp_custom_profile and will be removed in the next major version. (#3584)
resource/cloudflare_dlp_predefined_profile: deprecated in favour of cloudflare_zero_trust_dlp_predefined_profile and will be removed in the next major version. (#3584)
resource/cloudflare_dlp_profile: deprecated in favour of cloudflare_zero_trust_dlp_profile and will be removed in the next major version. (#3584)
resource/cloudflare_fallback_domain: deprecated in favour of cloudflare_zero_trust_local_domain_fallback and will be removed in the next major version. (#3584)
resource/cloudflare_gre_tunnel: deprecated in favour of cloudflare_magic_wan_gre_tunnel and will be removed in the next major version. (#3584)
resource/cloudflare_ipsec_tunnel: deprecated in favour of cloudflare_magic_wan_ipsec_tunnel and will be removed in the next major version. (#3584)
resource/cloudflare_record: fix a bug that prematurely removed the ability to set the deprecated value field. (#3674)
resource/cloudflare_risk_behavior: deprecated in favour of cloudflare_zero_trust_risk_behavior and will be removed in the next major version. (#3584)
resource/cloudflare_split_tunnel: deprecated in favour of cloudflare_zero_trust_split_tunnels and will be removed in the next major version. (#3584)
resource/cloudflare_static_route: deprecated in favour of cloudflare_magic_wan_static_route and will be removed in the next major version. (#3584)
resource/cloudflare_teams_account: deprecated in favour of cloudflare_zero_trust_gateway_settings and will be removed in the next major version. (#3584)
resource/cloudflare_teams_list: deprecated in favour of cloudflare_zero_trust_list and will be removed in the next major version. (#3584)
resource/cloudflare_teams_location: deprecated in favour of cloudflare_zero_trust_dns_location and will be removed in the next major version. (#3584)
resource/cloudflare_teams_proxy_endpoint: deprecated in favour of cloudflare_zero_trust_gateway_proxy_endpoint and will be removed in the next major version. (#3584)
resource/cloudflare_teams_rule: deprecated in favour of cloudflare_zero_trust_gateway_policy and will be removed in the next major version. (#3584)
resource/cloudflare_tunnel: deprecated in favour of cloudflare_zero_trust_tunnel_cloudflared and will be removed in the next major version. (#3584)
resource/cloudflare_tunnel_config: deprecated in favour of cloudflare_zero_trust_tunnel_cloudflared_config and will be removed in the next major version. (#3584)
resource/cloudflare_tunnel_route: deprecated in favour of cloudflare_zero_trust_tunnel_route and will be removed in the next major version. (#3584)
resource/cloudflare_tunnel_virtual_network: deprecated in favour of cloudflare_zero_trust_tunnel_virtual_network and will be removed in the next major version. (#3584)
resource/cloudflare_worker_cron_trigger: deprecated in favour of cloudflare_workers_cron_trigger and will be removed in the next major version. (#3584)
resource/cloudflare_worker_domain: deprecated in favour of cloudflare_workers_custom_domain and will be removed in the next major version. (#3584)
resource/cloudflare_worker_script: deprecated in favour of cloudflare_workers_script and will be removed in the next major version. (#3584)
resource/cloudflare_worker_secret: deprecated in favour of cloudflare_workers_secret and will be removed in the next major version. (#3584)
resource/cloudflare_workers_for_platforms_namespace: deprecated in favour of cloudflare_workers_for_platforms_dispatch_namespace and will be removed in the next major version. (#3584)

FEATURES:

New Resource: cloudflare_magic_wan_gre_tunnel (#3584)
New Resource: cloudflare_magic_wan_ipsec_tunnel (#3584)
New Resource: cloudflare_magic_wan_static_route (#3584)
New Resource: cloudflare_workers_cron_trigger (#3584)
New Resource: cloudflare_workers_custom_domain (#3584)
New Resource: cloudflare_workers_for_platforms_dispatch_namespace (#3584)
New Resource: cloudflare_workers_script (#3584)
New Resource: cloudflare_workers_secret (#3584)
New Resource: cloudflare_zero_trust_access_application (#3584)
New Resource: cloudflare_zero_trust_access_custom_page (#3584)
New Resource: cloudflare_zero_trust_access_group (#3584)
New Resource: cloudflare_zero_trust_access_identity_provider (#3584)
New Resource: cloudflare_zero_trust_access_key_configuration (#3584)
New Resource: cloudflare_zero_trust_access_mtls_certificate (#3584)
New Resource: cloudflare_zero_trust_access_mtls_hostname_settings (#3584)
New Resource: cloudflare_zero_trust_access_policy (#3584)
New Resource: cloudflare_zero_trust_access_service_token (#3584)
New Resource: cloudflare_zero_trust_access_short_lived_certificate (#3584)
New Resource: cloudflare_zero_trust_access_tag (#3584)
New Resource: cloudflare_zero_trust_device_certificates (#3584)
New Resource: cloudflare_zero_trust_device_managed_networks (#3584)
New Resource: cloudflare_zero_trust_device_posture_integration (#3584)
New Resource: cloudflare_zero_trust_device_posture_rule (#3584)
New Resource: cloudflare_zero_trust_device_profiles (#3584)
New Resource: cloudflare_zero_trust_dex_test (#3584)
New Resource: cloudflare_zero_trust_dlp_custom_profile (#3584)
New Resource: cloudflare_zero_trust_dlp_predefined_profile (#3584)
New Resource: cloudflare_zero_trust_dlp_profile (#3584)
New Resource: cloudflare_zero_trust_dns_location (#3584)
New Resource: cloudflare_zero_trust_gateway_policy (#3584)
New Resource: cloudflare_zero_trust_gateway_proxy_endpoint (#3584)
New Resource: cloudflare_zero_trust_gateway_settings (#3584)
New Resource: cloudflare_zero_trust_list (#3584)
New Resource: cloudflare_zero_trust_local_domain_fallback (#3584)
New Resource: cloudflare_zero_trust_organization (#3584)
New Resource: cloudflare_zero_trust_risk_behavior (#3584)
New Resource: cloudflare_zero_trust_risk_score_integration (#3563)
New Resource: cloudflare_zero_trust_split_tunnels (#3584)
New Resource: cloudflare_zero_trust_tunnel_cloudflared (#3584)
New Resource: cloudflare_zero_trust_tunnel_cloudflared_config (#3584)
New Resource: cloudflare_zero_trust_tunnel_route (#3584)
New Resource: cloudflare_zero_trust_tunnel_virtual_network (#3584)

ENHANCEMENTS:

resource/cloudflare_device_posture_rule: add ability to create client_certificate_v2 posture rule (#3512)
resource/cloudflare_device_settings_policy: Add tunnel_protocol field for device policies (#3513)

BUG FIXES:

resource/cloudflare_access_policy: handle multiple okta idps in access policies (#3579)
resource/cloudflare_record: refactor validation to use ExactlyOneOf instead of custom logic (#3699)

DEPENDENCIES:

provider: bump github.com/hashicorp/terraform-plugin-framework from 1.10.0 to 1.11.0 (#3575)
provider: bump github.com/hashicorp/terraform-plugin-testing from 1.9.0 to 1.10.0 (#3583)
provider: bump golang.org/x/net from 0.27.0 to 0.28.0 (#3576)

`v4.39.0`

Compare Source

NOTES:

resource/cloudflare_access_policy: remove deprecation notice related to precedence (#3556)
resource/cloudflare_record: value is now deprecated in favour of content (#3509)
resource/cloudflare_worker_cron_trigger: deprecated in favour of cloudflare_workers_cron_trigger and will be removed in the next major version. (#3500)
resource/cloudflare_worker_domain: deprecated in favour of cloudflare_workers_domain and will be removed in the next major version. (#3500)
resource/cloudflare_worker_route: deprecated in favour of cloudflare_workers_route and will be removed in the next major version. (#3500)
resource/cloudflare_worker_script: deprecated in favour of cloudflare_workers_script and will be removed in the next major version. (#3500)
resource/cloudflare_worker_secret: deprecated in favour of cloudflare_workers_secret and will be removed in the next major version. (#3500)
resource/cloudflare_workers_for_platforms_namespace: deprecated in favour of cloudflare_workers_for_platforms_dispatch_namespace and will be removed in the next major version. (#3500)
resource/zone_settings_override: deprecate minify setting and include state migration to remove from local state. You should immediately remove the configuration from the resource to prevent permadiffs. Automatic migration of user configuration can be handled with Grit by running grit apply github.com/cloudflare/terraform-provider-cloudflare#cloudflare_zone_settings_override_remove_minify (#3521)

FEATURES:

New Data Source: cloudflare_gateway_app_types (#3470)
New Resource: cloudflare_workers_cron_trigger (#3500)
New Resource: cloudflare_workers_domain (#3500)
New Resource: cloudflare_workers_for_platforms_dispatch_namespace (#3500)
New Resource: cloudflare_workers_route (#3500)
New Resource: cloudflare_workers_script (#3500)
New Resource: cloudflare_workers_secret (#3500)

ENHANCEMENTS:

resource/access_application: add skip_app_launcher_login_page flag to skip the App Launcher landing page (#3519)
resource/cloudflare_device_posture_rules: added support for intune compliance_status values (#3492)
resource/cloudflare_teams_rule: Add disable_clipboard_redirection attribute to BISOAdminControls (#3511)
resource/hyperdrive_config: Add support for creating Hyperdrive over Access configs (#3516)
resource/hyperdrive_config: Add support for max_age and stale_while_revalidate in Hyperdrive Config caching settings (#3516)

BUG FIXES:

resource/cloudflare_list_item: handle overlapping hostname url_hostname (#3515)
resource/cloudflare_risk_behavior: fix bug where partial definition of risk behaviors resulted in a provider error (#3463)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.58.2 to 1.58.3 in the aws group (#3557)
provider: bump github.com/cloudflare/cloudflare-go from 0.100.0 to 0.101.0 (#3540)
provider: bump github.com/cloudflare/cloudflare-go from 0.99.0 to 0.100.0 (#3499)

`v4.38.0`

Compare Source

FEATURES:

New Data Source: cloudflare_gateway_categories (#3443)

ENHANCEMENTS:

resource/cloudflare_teams_list: add support for descriptions on list items (#3488)
resource/cloudflare_teams_rules: add support for ignore_cname_category_matches (#3473)

BUG FIXES:

resource/cloudflare-access-application: fixes bug when updating self_hosted_domains (#3468)
resource/cloudflare_access_application: Fix bug that was not cleaning the API when removing all ids from the 'policies' list (#3469)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.24 to 1.27.25 (#3449)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.25 to 1.27.27 (#3483)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.24 to 1.17.25 (#3449)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.25 to 1.17.27 (#3483)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.58.0 to 1.58.1 (#3449)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.58.1 to 1.58.2 (#3483)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.30.1 to 1.30.2 (#3449)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.30.2 to 1.30.3 (#3483)
provider: bump github.com/cloudflare/cloudflare-go/v2 from 2.3.0 to 2.4.0 (#3480)

`v4.37.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_notification_policy: Add tunnel_name filter for Magic Health Checks (#3417)

BUG FIXES:

resource/cloudflare_r2_bucket: add validation to location hint to prevent invalid values from drifting (#3441)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.21 to 1.27.22 (#3404)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.22 to 1.27.23 (#3412)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.23 to 1.27.24 (#3437)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.21 to 1.17.22 (#3404)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.22 to 1.17.23 (#3412)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.23 to 1.17.24 (#3437)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.57.0 (#3404)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.57.0 to 1.57.1 (#3412)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.30.0 to 1.30.1 (#3412)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.57.1 to 1.58.0 in the aws group (#3429)
provider: bump github.com/cloudflare/cloudflare-go from 0.98.0 to 0.99.0 (#3438)
provider: bump github.com/hashicorp/terraform-plugin-framework from 1.9.0 to 1.10.0 (#3445)
provider: bump github.com/hashicorp/terraform-plugin-framework-validators from 0.12.0 to 0.13.0 (#3447)
provider: bump github.com/hashicorp/terraform-plugin-testing from 1.8.0 to 1.9.0 (#3446)
provider: bump golang.org/x/net from 0.26.0 to 0.27.0 (#3442)

`v4.36.0`

Compare Source

NOTES:

resource/zone_settings_override: deprecate mobile_redirect setting and include state migration to remove from local state. You should immediately remove the configuration from the resource to prevent permadiffs. (#3337)

ENHANCEMENTS:

resource/cloudflare_access_application: Support configuring OIDC SaaS access token lifetime (#3353)

BUG FIXES:

resource/cloudflare_list_item: fix crash when not using type = "redirect" due to attempting to compare nil (#3368)
resource/cloudflare_list_item: implement exact match for IP values to prevent overlapping IP prefixes from not being found (#3368)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.18 to 1.27.19 (#3360)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.19 to 1.27.20 (#3362)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.20 to 1.27.21 (#3364)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.18 to 1.17.19 (#3360)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.19 to 1.17.20 (#3362)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.20 to 1.17.21 (#3364)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.55.2 (#3360)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.2 to 1.56.0 (#3362)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.0 to 1.56.1 (#3364)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.27.2 to 1.28.0 (#3360)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.28.0 to 1.29.0 (#3362)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.29.0 to 1.30.0 (#3364)
provider: bump github.com/cloudflare/cloudflare-go from 0.97.0 to 0.98.0 (#3365)
provider: bump github.com/cloudflare/cloudflare-go/v2 from 2.2.0 to 2.3.0 (#3363)
provider: bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 in /tools (#3395)

`v4.35.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_access_application: Add Hybrid and Implicit flow support to OIDC SaaS Apps (#3324)
resource/cloudflare_access_organization: Fix 'name' being optional (#3343)
resource/cloudflare_load_balancer_pool: Add support for virtual_network_id (#3333)
resource/cloudflare_teams_account: add support for 'virtual_ip' (#3321)
resource/resource_cloudflare_zone: add support for 'vanity_name_servers' (#3315)

BUG FIXES:

resource/cloudflare_access_application: Fix bug requiring explicit account_id or zone_id (#3352)
resource/cloudflare_access_application: force recreation if SaaS app auth_type is changed (#3332)
resource/cloudflare_list_item: handle overlapping redirect source_url (#3335)
resource/cloudflare_logpush_job: Mirror API defaults for record_delimiter to include newline (#3334)
resource/cloudflare_waiting_room_event: fix panic when trying to import a resource (#3351)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.17 (#3339)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.17 to 1.27.18 (#3350)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.16 to 1.17.17 (#3339)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.17 to 1.17.18 (#3350)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.3 to 1.54.4 (#3339)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.0 to 1.55.1 (#3350)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.1 (#3339)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.27.1 to 1.27.2 (#3350)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.4 to 1.55.0 in the aws group (#3346)
provider: bump github.com/cloudflare/cloudflare-go from 0.96.0 to 0.97.0 (#3347)
provider: bump github.com/hashicorp/terraform-plugin-framework from 1.8.0 to 1.9.0 (#3341)
provider: bump golang.org/x/net from 0.25.0 to 0.26.0 (#3342)
provider: bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#3345)

`v4.34.0`

Compare Source

FEATURES:

New Resource: cloudflare_risk_behavior (#3307)

ENHANCEMENTS:

resource/cloudflare_access_application: Add support for OIDC refresh tokens, allowing PKCE without client secret, custom claims, and specifying name_by_idp for custom attributes/claims (#3306)
resource/cloudflare_access_application: improve validation logic for zone level reusable policies (#3325)
resource/cloudflare_access_group: improve validation logic for zone level reusable policies (#3325)
resource/cloudflare_ruleset: add support for fonts and disable_rum action parameters (#3261)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.13 to 1.27.14 (#3310)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.14 to 1.27.15 (#3313)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.15 to 1.27.16 (#3326)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.13 to 1.17.14 (#3310)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.14 to 1.17.15 (#3313)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.15 to 1.17.16 (#3326)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.0 to 1.54.1 (#3310)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.1 to 1.54.2 (#3313)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.2 to 1.54.3 (#3326)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.26.1 to 1.26.2 (#3310)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.26.2 to 1.27.0 (#3313)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.2 to 1.54.0 in the aws group (#3308)
provider: bump github.com/cloudflare/cloudflare-go from 0.95.0 to 0.96.0 (#3322)
provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.33.0 to 2.34.0 (#3316)
provider: bump github.com/hashicorp/terraform-plugin-testing from 1.6.0 to 1.8.0 (#3317)

`v4.33.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_access_application: added support for 'policies' argument (#3288)
resource/cloudflare_access_policy: added support for reusable policies (#3288)
resource/cloudflare_zone_settings_override: add support for NEL (#3305)

BUG FIXES:

resource/cloudflare_list_item: retry list ID fetch operations for the identifiers (#3303)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.11 to 1.27.12 (#3295)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.12 to 1.27.13 (#3301)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.11 to 1.17.12 (#3295)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.12 to 1.17.13 (#3301)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.53.2 (#3295)
provider: bump bflad/action-milestone-comment from 1 to 2 (#3299)
provider: bump github.com/cloudflare/cloudflare-go/v2 from 2.1.0 to 2.2.0 (#3298)
provider: bump github.com/hashicorp/terraform-plugin-mux from 0.15.0 to 0.16.0 (#3296)
provider: bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (#3302)

`v4.32.0`

Compare Source

NOTES:

resource/cloudflare_rate_limit: This resource is being deprecated in favor of the cloudflare_rulesets resource (#3279)

ENHANCEMENTS:

resource/cloudflare_access_application: add support for SCIM provisioning configuration (#3291)
resource/cloudflare_access_group: Add the option for email_list to be used in require, include and exclude fields (#3247)
resource/cloudflare_device_posture_rules: added support for os_version_extra (#3281)

BUG FIXES:

resource/cloudflare_turnstile: Fix error handling corrupting state (#3284)

DEPENDENCIES:

provider: bump github.com/cloudflare/cloudflare-go from 0.94.0 to 0.95.0 (#3294)
provider: bump github.com/hashicorp/terraform-plugin-go from 0.22.2 to 0.23.0 (#3289)
provider: bump golang.org/x/net from 0.24.0 to 0.25.0 (#3290)
provider: bump golangci/golangci-lint-action from 5 to 6 (#3293)

`v4.31.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_access_application: added support for options_preflight_bypass (#3267)
resource/cloudflare_dlp_profile: Added support for ocr_enabled field to profiles (#3224)
resource/cloudflare_notification_policy: add 'target_ip' atrribute to 'filter' nested block (#3263)
resource/cloudflare_teams_account: add custom_certificate setting support (#3253)
resource/cloudflare_teams_location: added ecs_support field (#3264)

BUG FIXES:

resource/cloudflare_hyperdrive_config: Fix 'HyperdriveID' not included in Update call (#3251)
resource/cloudflare_managed_headers: disable header if it is deleted from terraform state (#3260)
resource/cloudflare_worker_script: fix namespaced script delete trying to delete from account rather than the namespace (#3238)

INTERNAL:

provider: introduce a muxed client to support using cloudflare-go/v0 and cloudflare-go/v2 together (#3262)

DEPENDENCIES:

provider: bump github.com/cloudflare/cloudflare-go from 0.93.0 to 0.94.0 (#3265)
provider: bump github.com/cloudflare/cloudflare-go/v2 from 2.0.0 to 2.1.0 (#3274)
provider: bump github.com/hashicorp/terraform-plugin-framework from 1.5.0 to 1.8.0 (#3255)
provider: bump github.com/hashicorp/terraform-plugin-go from 0.21.0 to 0.22.2 (#3254)
provider: bump golang.org/x/net from 0.19.0 to 0.23.0 in /tools (#3258)
provider: bump golangci/golangci-lint-action from 4 to 5 (#3271)

`v4.30.0`

Compare Source

ENHANCEMENTS:

cloudflare/resource_logpush_job: Add support for page_shield_events (#3237)
resource/cloudflare_access_group: added support for common_names rule list type to allow for more than one common_name rule in a policy block (#3229)
resource/cloudflare_access_policy: added support for common_names rule list type to allow for more than one common_name rule in a policy block (#3229)
resource/cloudflare_ipsec_tunnel: added support for replay_protection (#3249)

BUG FIXES:

resource/cloudflare_email_routing_address: Make sure schema is correctly upgraded. (#3245)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.10 to 1.27.11 (#3232)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.10 to 1.17.11 (#3232)
provider: bump github.com/cloudflare/cloudflare-go from 0.92.0 to 0.93.0 (#3239)
provider: bump golang.org/x/net from 0.22.0 to 0.23.0 (#3225)
provider: bump golang.org/x/net from 0.23.0 to 0.24.0 (#3230)

`v4.29.0`

Compare Source

BREAKING CHANGES:

data_source/record: Remove locked flag which is always false (#3220)

ENHANCEMENTS:

datasource/cloudflare_tunnel: Add the option to filter deleted tunnels (#3201)
resource/cloudflare_teams_rule: Add support for resolver policies (#3198)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.9 to 1.27.10 (#3222)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.9 to 1.17.10 (#3222)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.0 to 1.53.1 (#3222)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.26.0 to 1.26.1 (#3222)

`v4.28.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_access_application: adds saml_attribute_transform_jsonata` to SaaS applications (#3187)
resource/cloudflare_device_posture_rule: update support for new fields for crowdstrike_s2s posture rule. (#3216)
resource/cloudflare_ipsec_tunnel: Adds IPsec tunnel health_check_direction & health_check_rate parameters (#3112)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.8 to 1.27.9 (#3207)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.8 to 1.17.9 (#3207)
provider: bump github.com/cloudflare/cloudflare-go from 0.90.0 to 0.91.0 (#3208)
provider: bump github.com/cloudflare/cloudflare-go from 0.91.0 to 0.92.0 (#3218)

`v4.27.0`

Compare Source

FEATURES:

New Resource: cloudflare_access_mutual_tls_hostname_settings (#3173)
New Resource: cloudflare_hyperdrive_config (#3111)

ENHANCEMENTS:

resource/cloudflare_dlp_profile: Added support for context_awareness field to profiles (#3158)
resource/cloudflare_logpush_job: Add output_options parameter (#3171)
resource/cloudflare_notification_policy: Implement the airport_code filter (#3183)
resource/cloudflare_worker_script: Add dispatch_namespace to support uploading to a Workers for Platforms namespace (#3154)
resource/cloudflare_worker_script: Add tags to support tagging Workers for Platforms Workers (#3154)

BUG FIXES:

resource/cloudflare_access_application: Add Sensitive to oidc client_secret and preserve client_secret across apply (#3168)
resource/cloudflare_list_item: fix id parsing for imports (#3191)
resource/cloudflare_logpush_job: only set the value in state when it is defined (#3188)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.6 to 1.27.7 (#3172)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.7 to 1.27.8 (#3197)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.6 to 1.17.7 (#3172)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.7 to 1.17.8 (#3197)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.3 to 1.51.4 (#3172)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.4 to 1.52.0 (#3182)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.52.0 to 1.52.1 (#3190)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.52.1 to 1.53.0 (#3197)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.2 to 1.25.3 (#3172)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 (#3197)
provider: bump github.com/cloudflare/cloudflare-go from 0.89.0 to 0.90.0 (#3178)
provider: bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /tools (#3180)
provider: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#3181)

`v4.26.0`

Compare Source

FEATURES:

New Data Source: cloudflare_dlp_datasets (#3135)

ENHANCEMENTS:

resource/cloudflare_access_application: adds name_id_transform_jsonata to SaaS applications (#3132)

BUG FIXES:

resource/cloudflare_access_application: Fix issue with sending allow_authenticate_via_warp on updates when it is not provided (#3140)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.1 to 1.27.2 (#3136)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.2 to 1.27.3 (#3138)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.3 to 1.27.4 (#3141)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.5 (#3159)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.5 to 1.27.6 (#3161)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.1 to 1.17.2 (#3136)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.2 to 1.17.3 (#3138)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.3 to 1.17.4 (#3141)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.4 to 1.17.5 (#3159)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.5 to 1.17.6 (#3161)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.2 to 1.50.3 (#3136)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.3 to 1.51.0 (#3138)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.0 to 1.51.1 (#3141)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.51.2 (#3159)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.51.3 (#3161)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.0 to 1.25.1 (#3136)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.1 to 1.25.2 (#3141)
provider: bump github.com/cloudflare/cloudflare-go from 0.88.0 to 0.89.0 (#3148)
provider: bump github.com/hashicorp/terraform-plugin-go from 0.21.0 to 0.22.0 (#3139)
provider: bump github.com/hashicorp/terraform-plugin-mux from 0.14.0 to 0.15.0 (#3149)
provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.32.0 to 2.33.0 (#3142)
provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.32.0 to 2.33.0 (#3147)
provider: bump github.com/hashicorp/terraform-plugin-testing from 1.6.0 to 1.7.0 (#3162)
provider: bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#3157)
provider: bump golang.org/x/net from 0.21.0 to 0.22.0 (#3160)

`v4.25.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_custom_pages: Removed the always_online variant. This page is never generated anymore, if a requested page is unavailable in the archive the error page that would have been shown if always online wasn't enabled is shown. (#3117)

ENHANCEMENTS:

resource/cloudflare_access_application: adds oidc saas application support (#3133)
resource/cloudflare_access_application: adds the ability to set allow_authenticate_via_warp. (#3103)
resource/cloudflare_access_organization: adds the ability to set allow_authenticate_via_warp and warp_auth_session_duration. (#3103)
resource/cloudflare_teams_account: Add support for extended e-mail matching (#3089)
resource/cloudflare_teams_accounts: Added notification settings to teams antivirus settings (#3124)
resource/pages_project: Add build_caching attribute (#3110)

BUG FIXES:

resource/cloudflare_email_routing_address: add schema migrator (#3119)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.0 (#3118)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.0 to 1.27.1 (#3134)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.16.16 to 1.17.0 (#3118)
provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.0 to 1.17.1 (#3134)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.49.0 (#3118)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.49.0 to 1.50.0 (#3125)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.0 to 1.50.1 (#3128)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.1 to 1.50.2 (#3134)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.24.1 to 1.25.0 (#3118)
provider: bump github.com/cloudflare/cloudflare-go from 0.87.0 to 0.88.0 (#3122)
provider: bump golang.org/x/net from 0.20.0 to 0.21.0 (#3108)
provider: bump golangci/golangci-lint-action from 3 to 4 (#3115)

`v4.24.0`

Compare Source

ENHANCEMENTS:

datasource/cloudflare_record: Add the option to filter by "content" (#3084)

BUG FIXES:

resource/cloudflare_access_application: leave existence error handling checks to the Read operation when performing imports. (#3075)
resource/cloudflare_device_settings_policy: updated docs that auto_connect is in seconds, not in minutes (#3080)
resource/cloudflare_dlp_profile: fixed plan flapping with DLP custom entries (#3090)
resource/email_routing_rule: add schema migration for upgrading 4.22.0 to 4.23.0 (#3102)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#3078)
provider: bump github.com/cloudflare/cloudflare-go from 0.86.0 to 0.87.0 (#3095)
provider: bump github.com/google/uuid from 1.5.0 to 1.6.0 (#3076)
provider: bump github.com/hashicorp/terraform-plugin-go from 0.20.0 to 0.21.0 (#3081)
provider: bump github.com/hashicorp/terraform-plugin-mux from 0.13.0 to 0.14.0 (#3085)
provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.31.0 to 2.32.0 (#3086)
provider: bump peter-evans/create-or-update-comment from 3 to 4 (#3079)

`v4.23.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_list_item: include_subdomains is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#3026)
resource/cloudflare_list_item: preserve_path_suffix is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#3026)
resource/cloudflare_list_item: preserve_query_string is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#3026)
resource/cloudflare_list_item: subpath_matching is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#3026)

ENHANCEMENTS:

resource/cloudflare_access_application: adds the ability to set default_relay_state on saas applications. (#3053)
resource/cloudflare_email_routing_address: add ability to import (#2977)
resource/cloudflare_email_routing_rule: add ability to import (#2998)
resource/cloudflare_notification_policy: Implement the affected_components option (#3009)

INTERNAL:

cloudflare_email_routing_rule: migrate to plugin framework (#2998)
resource/cloudflare_email_routing_address: migrate to framework provider (#2977)
resource/cloudflare_list_item: migrate to plugin framework. Due to this migration, we are removing some workaround field values that were previously in place to account for the known zero value issues in the underlying SDKv2. See the release notes for the end user facing changes that need to be made for the internal state migrator to handle the internals. (#3026)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.3 to 1.26.4 (#3065)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.4 to 1.26.5 (#3071)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.5 to 1.26.6 (#3074)
provider: bump actions/cache from 3 to 4 (#3067)
provider: bump github.com/cloudflare/cloudflare-go from 0.85.0 to 0.86.0 (#3066)
provider: bump github.com/hashicorp/terraform-plugin-framework from 1.4.2 to 1.5.0 (#3058)

`v4.22.0`

Compare Source

FEATURES:

New Resource: cloudflare_worker_secret (#3035)

ENHANCEMENTS:

resource/cloudflare_notification_policy: Add tunnel_id filter for tunnel_health_event policies (#3038)
resource/cloudflare_worker_script: adds D1 binding support (#2960)

BUG FIXES:

cloudflare_notification_policy: revert ExactlyOneOf (#3032)
resource/cloudflare_dlp_profile: Prevent misidentified changes in dlp resources (#3044)
resource/cloudflare_teams_rule: changed type & validation on the notification settings url (#3030)
resource/cloudflare_teams_rules: fix block_page_enabled behaviour (#3010)
resource/cloudflare_turnstile_widget: Support empty list of domains (#3046)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.2 to 1.26.3 (#3042)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.7 to 1.47.8 (#3042)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.8 to 1.48.0 (#3043)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 (#3042)
provider: bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#3047)
provider: bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 in /tools (#3048)
provider: bump github.com/cloudflare/cloudflare-go from 0.84.0 to 0.85.0 (#3034)
provider: bump github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0 in /tools (#3029)
provider: bump golang.org/x/net from 0.19.0 to 0.20.0 (#3050)

`v4.21.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_access_application: adds the ability to set customization fields on the app launcher application. (#2777)
resource/cloudflare_access_organization: remove default value for session_duration. (#2995)
resource/cloudflare_access_policy: remove default value for session_duration. (#2995)
resource/cloudflare_device_posture_integration: add support for access_client_id and access_client_secret fields (#3013)
resource/cloudflare_logpush_job: add support for magic_ids_detections. (#2983)
resource/cloudflare_notification_policy: enable selector filter and add traffic_anomalies_alert as a policy alert type (#2976)
resource/cloudflare_pages_project: support standard usage model for functions (#2963)
resource/cloudflare_tunnel_config: Destroying tunnel configurations now applies an empty configuration rather than deleting the parent cloudflare_tunnel resource (#2769)

BUG FIXES:

resource/cloudflare_list_item: fix issue preventing usage of redirect item type (#2975)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.10 to 1.25.11 (#2973)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.11 to 1.25.12 (#2987)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.12 to 1.26.0 (#2993)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.12 to 1.26.0 (#2993)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.5 to 1.25.8 (#2968)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.8 to 1.25.9 (#2969)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.9 to 1.25.10 (#2971)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.0 to 1.26.1 (#2997)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.1 to 1.26.2 (#3022)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.44.0 to 1.46.0 (#2968)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.46.0 to 1.47.0 (#2969)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.0 to 1.47.1 (#2971)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.1 to 1.47.2 (#2973)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.2 to 1.47.3 (#2987)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.3 to 1.47.4 (#2993)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.3 to 1.47.4 (#2993)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.4 to 1.47.5 (#2997)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.5 to 1.47.6 (#3016)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.6 to 1.47.7 (#3022)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.1 to 1.23.2 (#2968)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.2 to 1.23.3 (#2969)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.3 to 1.23.4 (#2971)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.4 to 1.23.5 (#2973)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.5 to 1.24.0 (#2993)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.5 to 1.24.0 (#2993)
provider: bump actions/setup-go from 4 to 5 (#2989)
provider: bump actions/stale from 8 to 9 (#2992)
provider: bump github.com/cloudflare/cloudflare-go from 0.82.0 to 0.83.0 (#2988)
provider: bump github.com/cloudflare/cloudflare-go from 0.83.0 to 0.84.0 (#3019)
provider: bump github.com/google/uuid from 1.4.0 to 1.5.0 (#3002)
provider: bump github.com/hashicorp/terraform-plugin-mux from 0.12.0 to 0.13.0 (#3006)
provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.30.0 to 2.31.0 (#3007)
provider: bump github.com/hashicorp/terraform-plugin-testing from 1.5.1 to 1.6.0 (#2984)
provider: bump github/codeql-action from 2 to 3 (#3005)
provider: bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /tools (#3015)
provider: bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#3017)
resource/cloudflare_teams_rule: Added support for notification settings at teams rule (#3021)

`v4.20.0`

Compare Source

FEATURES:

New Data Source: cloudflare_origin_ca_certificate (#2961)

ENHANCEMENTS:

resource/cloudflare_email_routing_rule: action.value is now optional to support drop rules not requiring it (#2449)
resource/cloudflare_email_routing_rule: add action type drop (#2449)
resource/cloudflare_notification_policy: add support for brand_protection_alert alert type (#2937)
resource/cloudflare_notification_policy: add support for brand_protection_digest alert type (#2937)
resource/cloudflare_notification_policy: add support for logo_match_alert alert type (#2937)
resource/cloudflare_notification_policy: add support for magic_tunnel_health_check_event alert type (#2937)
resource/cloudflare_notification_policy: add support for maintenance_event_notification alert type (#2937)
resource/cloudflare_notification_policy: add support for mtls_certificate_store_certificate_expiration_type alert type (#2937)
resource/cloudflare_notification_policy: add support for radar_notification alert type (#2937)
resource/cloudflare_ruleset: make rate limiting requests_to_origin optional with a default value of false to match the API behaviour (#2954)

BUG FIXES:

resource/cloudflare_list_item: fix list_item for asn and hostname types (#2951)
resource/cloudflare_notification_policy: Fix missing new_status filter required by tunnel_health_event policies (#2390)

DEPENDENCIES:

provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.1 to 1.25.3 (#2948)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.3 to 1.25.4 (#2953)
provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.4 to 1.25.5 (#2956)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.42.2 to 1.43.0 (#2948)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.43.0 to 1.43.1 (#2953)
provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.43.1 to 1.44.0 (#2956)
provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.0 to 1.23.1 (#2953)
provider: bump github.com/cloudflare/cloudflare-go from 0.81.0 to 0.82.0 (#2957)
provider: bump github.com/hashicorp/terraform-plugin-go from 0.19.0 to 0.19.1 (#2942)
provider: bump golang.org/x/net from 0.18.0 to 0.19.0 (#2967)
provider: updates github.com/aws/aws-sdk-go-v2/config from 1.24.0 to 1.25.1 (#2945)
provider: updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.42.1 to 1.42.2 (#2945)
provider: updates github.com/aws/aws-sdk-go-v2 from 1.22.2 to 1.23.0 (#2945)

`v4.19.0`

Compare Source

NOTES:

resource/cloudflare_argo: tiered_caching attribute is deprecated in favour of the dedicated cloudflare_tiered_cache resource. (#2906)

FEATURES:

New Resource: cloudflare_keyless_certificate (#2779)

ENHANCEMENTS:

resource/cloudflare_notification_policy: Add support for incident_alert type (#2901)
resource/cloudflare_zone: add support for secondary zone types (#2939)

BUG FIXES:

resource/cloudflare_list_item: ensure each item has its own ID and is not based on the latest created entry (#2922)

INTERNAL:

provider: prevent new resources and datasources from being created with terraform-plugin-sdk (#2871)

DEPENDENCIES:

provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.2 to 1.22.0 (#2899)
provider: bumps github.com/aws/aws-sdk-go-v2 from 1.22.0 to 1.22.1 (#2904)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.20.0 (#2898)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.20.0 to 1.21.0 (#2902)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.21.0 to 1.22.0 (#2908)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.22.0 to 1.22.1 (#2912)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.22.1 to 1.22.2 (#2917)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.2 to 1.41.0 (#2897)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.41.0 to 1.42.0 (#2905)
provider: bumps github.com/cloudflare/cloudflare-go from 0.80.0 to 0.81.0 (#2919)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.29.0 to 2.30.0 (#2925)
provider: bumps golang.org/x/net from 0.17.0 to 0.18.0 (#2921)
provider: updates github.com/aws/aws-sdk-go-v2/config from 1.22.2 to 1.23.0 (#2931)
provider: updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.42.0 to 1.42.1 (#2931)
provider: updates github.com/aws/aws-sdk-go-v2 from 1.22.1 to 1.22.2 (#2931)

`v4.18.0`

Compare Source

FEATURES:

New Data Source: cloudflare_device_posture_rules (#2868)
New Data Source: cloudflare_tunnel (#2866)
New Data Source: cloudflare_tunnel_virtual_network (#2867)
New Resource: cloudflare_api_shield_operation_schema_validation_settings (#2852)
New Resource: cloudflare_api_shield_schema_validation_settings (#2841)

ENHANCEMENTS:

resource/cloudflare_load_balancer: Add support for least_connections steering (#2818)
resource/cloudflare_load_balancer_pool: Add support for least_connections origin steering (#2818)
resource/cloudflare_logpush_job: add support for casb_findings dataset (#2859)
resource/cloudflare_teams_account: Add non_identity_browser_isolation_enabled field (#2878)
resource/cloudflare_teams_account: add support for body_scanning config (#2887)
resource/cloudflare_workers_script: add support for placement config (#2893)

BUG FIXES:

resource/cloudflare_observatory_scheduled_test: Add missing 'asia-south1' region (#2891)
resource/cloudflare_rulesets: Allow zero to not default to null for mitigation_timeout (#2874)

DEPENDENCIES:

ci: drop separate misspell installation (#2814)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.19.0 to 1.19.1 (#2877)
provider: bumps github.com/cloudflare/cloudflare-go from 0.79.0 to 0.80.0 (#2883)
provider: bumps github.com/google/uuid from 1.3.1 to 1.4.0 (#2889)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.4.1 to 1.4.2 (#2876)

`v4.17.0`

Compare Source

FEATURES:

New Resource: cloudflare_access_tag (#2776)
New Resource: cloudflare_api_shield_schema (#2784)
New Resource: cloudflare_d1_database (#2850)
New Resource: cloudflare_observatory_scheduled_test (#2807)

ENHANCEMENTS:

provider: allow defining a user agent operator suffix through the schema field (user_agent_operator_suffix) and via the environment variable (CLOUDFLARE_USER_AGENT_OPERATOR_SUFFIX) (#2831)
resource/cloudflare_access_application: Add idp_entity_id, public_key and sso_endpoint attributes to saas_app (#2838)
resource/cloudflare_access_application: adds the ability to associate a tag with an application. (#2776)
resource/cloudflare_access_organization: Add session_duration field (#2857)
resource/cloudflare_access_policy: Add session_duration field (#2857)
resource/cloudflare_ruleset: Add support for the use of Additional Cacheable Ports option in the Rulesets API (#2854)
resource/cloudflare_teams_accounts: Add support for setting ssh encryption key in ZT settings (#2826)
resource/cloudflare_zone_settings_override: Add support for fonts (#2773)

BUG FIXES:

resource/cloudflare_access_application: fix import of cloudflare_access_application not reading saas_app config (#2843)
resource/cloudflare_access_policy: Send purpose justification settings properly on updates (#2836)
resource/cloudflare_bot_management: fix fight mode not being sent to API (#2833)
resource/cloudflare_pages_project: Fix 'preview_branch_includes' always showing it has changes if not provided (#2796)
resource/cloudflare_ruleset: Add note that logging is only supported with the skip action (#2851)

INTERNAL:

provider: updated user agent string to now be terraform-provider-cloudflare/<version> <plugin> <operator suffix> (#2831)

DEPENDENCIES:

provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.0 to 1.21.1 (#2820)
provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.1 to 1.21.2 (#2847)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.43 to 1.18.44 (#2823)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.44 to 1.18.45 (#2846)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.19.0 (#2853)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.41 to 1.13.42 (#2821)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.0 to 1.40.1 (#2822)
provider: bumps github.com/cloudflare/cloudflare-go from 0.78.0 to 0.79.0 (#2832)
provider: bumps github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2830)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.4.0 to 1.4.1 (#2828)
provider: bumps golang.org/x/net from 0.15.0 to 0.16.0 (#2819)
provider: bumps golang.org/x/net from 0.16.0 to 0.17.0 (#2829)
provider: bumps golang.org/x/net from 0.7.0 to 0.17.0 (#2837)

`v4.16.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_spectrum_application: Remove default values, make edge_ips parameter optional. (#2629)

FEATURES:

New Resource: cloudflare_api_shield_operation (#2760)

ENHANCEMENTS:

resource/cloudflare_authenticated_origin_pulls: Improve import, update documentation (#2771)
resource/cloudflare_notification_policy: Add advanced_http_alert_error alert_type (#2789)
resource/cloudflare_notification_policy: Implement the group_by, where and actions options (#2789)
resource/cloudflare_ruleset: Add support for cache bypass by default in Edge TTL modes (#2764)

BUG FIXES:

resource/cloudflare_access_identity_provider: Fix cloudflare_access_identity_provider incorrectly discards SCIM configuration secret (#2744)
resource/cloudflare_notification_policy: handle manually deleted policies by removing them from state (#2791)
resource/cloudflare_ruleset: ability to use exclude_origin=true in cache_key.custom_key.header without the need of specifying include or check_presence. (#2802)
resource/cloudflare_ruleset: mark requests_to_origin required for ratelimit blocks (#2808)

DEPENDENCIES:

provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.40 to 1.18.41 (#2781)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.41 to 1.18.42 (#2792)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.42 to 1.18.43 (#2811)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.39 to 1.13.40 (#2793)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.40 to 1.13.41 (#2810)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.5 to 1.39.0 (#2782)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.39.0 to 1.40.0 (#2795)
provider: bumps github.com/cloudflare/cloudflare-go from 0.77.0 to 0.78.0 (#2797)

`v4.15.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_access_identity_provider: Support email_claim_name, Okta authorization_server_id, and pingone (#2765)
resource/cloudflare_ruleset: Add support for a new Browser Mode that allows bypass of downstream caches (#2756)
resource/cloudflare_ruleset: Add support for the use of Origin Cache Control in the Rulesets API (#2753)
resource/cloudflare_ruleset: Add support for the use of Proxy Read Timeout field in Rulesets API (#2755)

BUG FIXES:

resource/cloudflare_list: Fix import for cloudflare_list resource (#2663)
resource/cloudflare_record: Updates the cast to a pointer to match changes in the SDK (#2763)
resource/pages_project: force replace when changing pages source (#2750)

DEPENDENCIES:

provider: bumps crazy-max/ghaction-import-gpg from 5 to 6 (#2758)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.39 to 1.18.40 (#2775)
provider: bumps github.com/cloudflare/cloudflare-go from 0.76.0 to 0.77.0 (#2761)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.3.5 to 1.4.0 (#2745)
provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.11.2 to 0.12.0 (#2746)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.28.0 to 2.29.0 (#2748)
provider: bumps goreleaser/goreleaser-action from 4.6.0 to 5.0.0 (#2757)

`v4.14.0`

Compare Source

FEATURES:

New Resource: cloudflare_web_analytics_rule (#2686)
New Resource: cloudflare_web_analytics_site (#2686)

ENHANCEMENTS:

resource/cloudflare_access_application: Add custom_non_identity_deny_url field (#2721)
resource/cloudflare_access_group: Improve documentation for access_group usage (#2718)
resource/cloudflare_load_balancer_monitor: add support for consecutive_up and consecutive_down (#2723)
resource/cloudflare_total_tls: add support for importing existing resources (#2734)

BUG FIXES:

resource/cloudflare_access_identity_provider: Fix access IDPs not importing config obj (#2735)

DEPENDENCIES:

provider: bumps actions/checkout from 3 to 4 (#2736)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.36 to 1.18.37 (#2714)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.37 to 1.18.38 (#2731)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.38 to 1.18.39 (#2741)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.35 to 1.13.36 (#2732)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.36 to 1.13.37 (#2740)
provider: bumps github.com/cloudflare/cloudflare-go from 0.75.0 to 0.76.0 (#2726)
provider: bumps github.com/hashicorp/terraform-plugin-framework-validators from 0.11.0 to 0.12.0 (#2727)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.27.0 to 2.28.0 (#2719)
provider: bumps github.com/hashicorp/terraform-plugin-testing from 1.4.0 to 1.5.1 (#2730)
provider: bumps golang.org/x/net from 0.14.0 to 0.15.0 (#2739)
provider: bumps goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#2742)

`v4.13.0`

Compare Source

FEATURES:

New Data Source: cloudflare_user (#2691)
New Resource: cloudflare_bot_management (#2672)
New Resource: cloudflare_hostname_tls_setting (#2700)
New Resource: cloudflare_hostname_tls_setting_ciphers (#2700)
New Resource: cloudflare_zone_hold (#2671)

ENHANCEMENTS:

datasource/api_token_permission_groups: Add R2 scopes (#2687)
datasource/api_token_permission_groups: Convert to plugin framework (#2687)
resource/cloudflare_access_application: adds support for custom saml attributes in saas access apps (#2676)
resource/cloudflare_access_group: add support for AccessGroupAzureAuthContext (#2654)
resource/cloudflare_access_identity_provider: add conditional_access_enabled attr (#2654)
resource/cloudflare_access_service_token: add support for managing Duration (#2647)
resource/cloudflare_device_posture_integration: update support for managing tanium_s2s third party posture provider. (#2674)
resource/cloudflare_device_posture_rule: update support for new fields for tanium_s2s posture rule. (#2674)
resource/cloudflare_notification_policy: Add possibility to configure Pages Alerts. (#2694)
resource/cloudflare_waiting_room: Add queueing_status_code to the Waiting Room resource (#2666)
resource/cloudflare_worker_domain: add support for Import operations (#2679)

BUG FIXES:

resource/cloudflare_access_group: Fix issue where saml rules would not read the IDP id from the API (#2683)
resource/cloudflare_rulest: allow configuring an origin Port value without the Host (and vice versa) (#2677)

DEPENDENCIES:

provider: bumps github.com/aws/aws-sdk-go-v2 from 1.20.1 to 1.20.2 (#2695)
provider: bumps github.com/aws/aws-sdk-go-v2 from 1.20.3 to 1.21.0 (#2710)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.33 to 1.18.34 (#2697)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.34 to 1.18.35 (#2706)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.35 to 1.18.36 (#2708)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.32 to 1.13.33 (#2696)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.33 to 1.13.34 (#2703)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.34 to 1.13.35 (#2709)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.2 to 1.38.3 (#2698)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.3 to 1.38.4 (#2705)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.4 to 1.38.5 (#2707)
provider: bumps github.com/cloudflare/cloudflare-go from 0.74.0 to 0.75.0 (#2685)
provider: bumps github.com/google/uuid from 1.3.0 to 1.3.1 (#2711)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.3.4 to 1.3.5 (#2699)
provider: bumps goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#2675)

`v4.12.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_ruleset: remove shareable_entitlement_name per the Go library changes since it hasn't ever been controllable by users (#2652)

FEATURES:

New Data Source: cloudflare_zone_cache_reserve (#2642)
New Resource: cloudflare_access_custom_page (#2643)
New Resource: cloudflare_zone_cache_reserve (#2642)

ENHANCEMENTS:

resource/cloudflare_access_application: adds the ability to associate a custom page with an application. (#2643)
resource/cloudflare_access_organization: adds the ability to associate a custom page with an organization. (#2643)
resource/cloudflare_notification_policy: Add support for pages_event_alert alert type (#2602)
resource/cloudflare_pages_project: Allow renaming projects without destroying and recreating (#2602)
resource/cloudflare_teams_account: Adds support for protocol detection feature (#2625)
resource/cloudflare_user_agent_blocking_rules: add support for importing resources (#2640)

BUG FIXES:

resource/cloudflare_custom_hostname: prevent infinite loop when wait_for_ssl_pending_validation is set if SSL status is already active (#2638)
resource/cloudflare_load_balancer: fix full deletion of pop_pools, region_pools, country_pools on update (#2673)
resource/cloudflare_load_balancer: handle inconsistent sorting bug in schema.HashResource resulting in resources incorrectly being updated when no changes have been made (#2635)
resource/cloudflare_pages_project: deployment_configs are now computed (#2602)

DEPENDENCIES:

provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.29 to 1.18.32 (#2651)
provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.18.33 (#2670)
provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.28 to 1.13.31 (#2648)
provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.37.0 to 1.38.1 (#2650)
provider: bumps github.com/cloudflare/cloudflare-go from 0.73.0 to 0.74.0 (#2652)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.3.3 to 1.3.4 (#2657)
provider: bumps github.com/hashicorp/terraform-plugin-framework-validators from 0.10.0 to 0.11.0 (#2658)
provider: bumps golang.org/x/net from 0.12.0 to 0.13.0 (#2646)
provider: bumps golang.org/x/net from 0.13.0 to 0.14.0 (#2661)

`v4.11.0`

Compare Source

FEATURES:

New Resource: cloudflare_regional_tiered_cache (#2624)

ENHANCEMENTS:

resource/cloudflare_device_posture_integration: add support for managing sentinelone_s2s third party posture provider. (#2618)
resource/cloudflare_device_posture_rule: add ability to create client_certificate and sentinelone_s2s posture rule (#2618)
resource/cloudflare_load_balancer: support header session affinity policy (#2521)
resource/record: Allow SVCB DNS record (#2632)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.72.0 to 0.73.0 (#2626)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.3.2 to 1.3.3 (#2627)
provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.11.1 to 0.11.2 (#2616)
provider: bumps github.com/hashicorp/terraform-plugin-testing from 1.3.0 to 1.4.0 (#2631)

`v4.10.0`

Compare Source

FEATURES:

New Data Source: clouflare_access_application (#2547)

ENHANCEMENTS:

resource/cloudflare_access_ca_certificate: remove redundant certificate_id from Import requirements as it is never used (#2547)
resource/cloudflare_load_balancer_monitor: Add example import. (#2572)

BUG FIXES:

resource/cloudflare_load_balancer: fix import of load_balancer when rules included overrides or fixed_response (#2571)
resource/cloudflare_record: fix importing of DNSKEY record types (#2568)
resource/cloudflare_ruleset: Fix detection of conflicting entrypoint rulesets (#2566)

DEPENDENCIES:

provider: bumps dependabot/fetch-metadata from 1.5.1 to 1.6.0 (#2557)
provider: bumps github.com/cloudflare/cloudflare-go from 0.70.0 to 0.72.0 (#2584)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.3.1 to 1.3.2 (#2563)
provider: bumps github.com/hashicorp/terraform-plugin-go from 0.17.0 to 0.18.0 (#2580)
provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.10.0 to 0.11.0 (#2564)
provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.11.0 to 0.11.1 (#2567)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.1 to 2.27.0 (#2565)
provider: bumps golang.org/x/net from 0.11.0 to 0.12.0 (#2589)

`v4.9.0`

Compare Source

NOTES:

resource/cloudflare_pages_project: Clarify example projects resource (#2543)

ENHANCEMENTS:

resource/cloudflare_notification_policy: Add alert_trigger_preferences to the filters block. (#2535)
resource/cloudflare_waiting_room: Add additional_routes and cookie_suffix to the Waiting Room resource (#2528)

BUG FIXES:

resource/cloudflare_access_ca_certificate: Fix issue with importing existing certificate as the application id was not being set. (#2539)
resource/cloudflare_teams_rules: handle state correctly when rules_setting is empty (#2532)
resource/cloudflare_tunnel_config: fix sending incorrect values for various timeouts in the origin configuration block (#2510)
tunnel_config: fix nil pointers for time.Durations (#2504)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.69.0 to 0.70.0 (#2541)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.3.0 to 1.3.1 (#2529)
provider: bumps github.com/hashicorp/terraform-plugin-go from 0.15.0 to 0.16.0 (#2536)

`v4.8.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_ruleset: Prevent the rule ID, version and last updated attributes from being set (#2511)

ENHANCEMENTS:

cloudflare_pages_project: add placement to deployment config (#2480)
resource/access_application: add support for self_hosted_domains (#2441)
resource/cloudflare_custom_hostname: add support for bundle_method TLS configuration (#2494)
resource/cloudflare_device_posture_rule: add ability to create intune and kolide s2s posture rule creation (#2474)
resource/cloudflare_device_settings_policy: add description to device settings policy (#2474)
resource/cloudflare_load_balancer: Add support for least_outstanding_requests steering (#2472)
resource/cloudflare_load_balancer_pool: Add support for least_outstanding_requests origin steering (#2472)
resource/cloudflare_page_rule: removes ability to set wildcards for include and exclude, provides guidance on proper values to use instead (#2491)
resource/cloudflare_teams_account: add ability to set root_ca for ZT Accounts (#2474)

BUG FIXES:

cloudflare_pages_project: use user provided configuration for secrets in the state handler since the API does not return them (#2480)
resource/cloudflare_certificate_pack: handle UI deletion scenarios for HTTP 404s and status = "deleted" responses (#2497)
resource/cloudflare_custom_hostname: use user provided values for state management when the API response isn't provided (#2494)
resource/cloudflare_origin_ca_certificate: mark csr as Required (#2496)
resource/cloudflare_ruleset: Mark that the ruleset must be re-created if the shareable entitlement name attribute changes (#2511)
resource/cloudflare_ruleset: Populate the rule ID, ref, version and last updated attributes in API requests and from API responses (#2511)
resource/cloudflare_ruleset: Populate the shareable entitlement name attribute in API requests and from API responses (#2511)
resource/cloudflare_ruleset: handle Import operations where the required values are missing for providing a nicer error message (#2503)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.68.0 to 0.69.0 (#2507)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.2.0 to 1.3.0 (#2509)
provider: bumps github.com/hashicorp/terraform-plugin-log from 0.8.0 to 0.9.0 (#2489)
provider: bumps github.com/hashicorp/terraform-plugin-testing from 1.2.0 to 1.3.0 (#2524)
provider: bumps golang.org/x/net from 0.10.0 to 0.11.0 (#2523)
provider: bumps goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#2519)

`v4.7.1`

Compare Source

BUG FIXES:

resource/cloudflare_list: remove IsIPAddress validation that doesn't take into account CIDR notation (#2486)

`v4.7.0`

Compare Source

NOTES:

resource/cloudflare_filter: This resource is being deprecated in favor of the cloudflare_rulesets resource. See https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users for more details. (#2442)
resource/cloudflare_firewall_rule: This resource is being deprecated in favor of the cloudflare_rulesets resource. See https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users for more details. (#2442)

FEATURES:

New Resource: cloudflare_r2_bucket (#2378)

ENHANCEMENTS:

resource/cloudflare_account: provide account ID for error handling in resourceCloudflareAccountDelete (#2436)
resource/cloudflare_device_posture_integration: add api_url to uptycs posture integration config. (#2468)
resource/cloudflare_list: add support for Hostname and ASN lists. (#2483)
resource/cloudflare_tunnel_config: add support for origin config on ingress rule and access (#2477)

BUG FIXES:

resource/cloudflare_logpush_job: Properly set dataset field when importing logpush jobs (#2444)
resource/cloudflare_pages_project: suggest a better default value for root_dir (#2440)
resource/cloudflare_ruleset: Validation of ttls for action_parameters with edge_ttl or browser_ttl mode of override_origin (#2454)
resource/cloudflare_workers_kv: Fix import to properly parse the id (#2434)

DEPENDENCIES:

provider: bumps dependabot/fetch-metadata from 1.4.0 to 1.5.0 (#2463)
provider: bumps dependabot/fetch-metadata from 1.5.0 to 1.5.1 (#2469)
provider: bumps github.com/cloudflare/cloudflare-go from 0.67.0 to 0.68.0 (#2466)
provider: bumps github.com/stretchr/testify from 1.8.2 to 1.8.3 (#2457)
provider: bumps github.com/stretchr/testify from 1.8.3 to 1.8.4 (#2484)

`v4.6.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_ruleset: add support for auto compression in the compress_response action (#2409)
resource/cloudflare_waiting_room_settings: add support for waiting room zone-level settings. (#2419)

BUG FIXES:

resource/cloudflare_notification_policy: Fix unexpected crashes when setting target_hostname with a filters attribute (#2425)
resource/cloudflare_ruleset: allow FromValue.PreserveQueryString to be nullable and handled correctly (#2414)
resource/cloudflare_ruleset: allow using 0 as an edge TTL value without conflicting with Go types for zeros (#2415)
resource/cloudflare_turnstile_widget: align schema to match what is returned by the API and fix updating the widget (#2413)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.66.0 to 0.67.0 (#2429)
provider: bumps golang.org/x/net from 0.9.0 to 0.10.0 (#2421)

`v4.5.0`

Compare Source

FEATURES:

New Resource: cloudflare_regional_hostname (#2396)
New Resource: cloudflare_turnstile_widget (#2380)

ENHANCEMENTS:

resource/cloudflare_device_posture_rule: Add support for sentinelone type. (#2279)
resource/cloudflare_logpush_job: Fix schema for logpush job dataset field (#2397)
resource/cloudflare_logpush_job: add max upload parameters (#2394)
resource/cloudflare_logpush_job: add support for device_posture_results and zero_trust_network_sessions. (#2405)
resource/cloudflare_notification_policy: Added support for setting Megabits per second threshold for dos alert in Cloudflare notification policy resource. (#2404)
resource/cloudflare_pages_project: added secrets to Pages project. Secrets are encrypted environment variables, ideal for secrets such as API tokens. See documentation here: https://developers.cloudflare.com/pages/platform/functions/bindings/#secrets (#2399)
resource/cloudflare_ruleset: add support for the compress_response action (#2372)
resource/cloudflare_ruleset: add support for the http_response_compression phase (#2372)

BUG FIXES:

resource/cloudflare_load_balancer: fixes random_steering being unset on value updates (#2403)
resource/cloudflare_pages_project: fixes pages project acceptance test (#2402)
resource/cloudflare_ruleset: ensure custom cache keys using query parameters are defined as known values for state handling (#2388)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.65.0 to 0.66.0 (#2398)
provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.9.0 to 0.10.0 (#2395)

`v4.4.0`

Compare Source

NOTES:

resource/cloudflare_ruleset: introduced future deprecation warning for the http_request_sbfm phase. (#2382)

ENHANCEMENTS:

resource/cloudflare_access_organization: Add auto_redirect_to_identity flag (#2356)
resource/cloudflare_access_policy: Add isolation_required flag (#2351)
resource/cloudflare_tunnel: Adds config_src parameter (#2369)
resource/cloudflare_worker_script: Add logpush attribute (#2375)

INTERNAL:

scripts/generate-changelog-entry: make error message match the executable we are expecting (#2357)

DEPENDENCIES:

provider: bumps dependabot/fetch-metadata from 1.3.6 to 1.4.0 (#2383)
provider: bumps github.com/cloudflare/cloudflare-go from 0.64.0 to 0.65.0 (#2370)
provider: bumps golang.org/x/net from 0.8.0 to 0.9.0 (#2359)
provider: bumps peter-evans/create-or-update-comment from 2 to 3 (#2355)

`v4.3.0`

Compare Source

NOTES:

adds support for a basic flox environment project (#2345)

FEATURES:

New Resource: cloudflare_device_dex_tests (#2250)
New Resource: cloudflare_worker_domain (#2339)

ENHANCEMENTS:

resource/cloudflare_access_group: Add example of usage of Azure (#2332)
resource/cloudflare_access_identity_provider: add claims and scopes fields (#2313)
resource/cloudflare_access_identity_provider: add ability for users to enable SCIM provisioning on their Identity Providers (#2147)
resource/cloudflare_device_posture_integration: add support for managing kolide third party posture provider. (#2321)
resource/cloudflare_device_settings_policy: use new cloudflare.ServiceMode type (#2331)
resource/cloudflare_ruleset: enforce schema validation of conflicting cache key parameters (#2326)
resource/cloudflare_teams_rules: updated gateway rule action audit ssh and rule settings (#2303)
resource/cloudflare_worker_script: Add compatibility_flags attribute (#2324)
resources/device_settings_policy: add validation for possible service_mode_v2_mode values (#2331)

BUG FIXES:

datasource/cloudflare_devices: Fix cloudflare_devices data source to return devices correctly and not error (#2348)
resource/cloudflare_custom_ssl: fix json sent to API when geo_restrictions are not used (#2319)

DEPENDENCIES:

provider: bumps actions/stale from 7 to 8 (#2322)
provider: bumps github.com/cloudflare/cloudflare-go from 0.63.0 to 0.64.0 (#2344)
provider: bumps github.com/hashicorp/terraform-plugin-go from 0.14.3 to 0.15.0 (#2333)
provider: bumps github.com/hashicorp/terraform-plugin-testing from 1.1.0 to 1.2.0 (#2320)

`v4.2.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_ruleset: status has been removed in favour of enabled now that the workaround for zero values is no longer required (#2271)

NOTES:

cloudflare_ruleset has been migrated to the terraform-plugin-framework in doing so addresses issues with the internal representation of zero values. A downside to this is that to get the full benefits, you will need to remove the resource from your Terraform state (terraform state rm ...) and then import the resource back into your state. Along with this, you will need to update any references to status which was the previous workaround for the enabled values. If you have status = "enabled" you will need to replace it with enabled = true and similar for status = "disabled" to be replaced with enabled = false. (#2271)

FEATURES:

New Data Source: cloudflare_list (#2296)
New Data Source: cloudflare_lists (#2296)
New Resource: cloudflare_address_map (#2290)
New Resource: cloudflare_list_item (#2304)

ENHANCEMENTS:

resource/access_organization: add ui_read_only_toggle_reason field (#2175)
resource/cloudflare_device_posture_rule: Support check_disks in the input block schema. (#2280)
resource/cloudflare_notification_policy_webhooks: ensure url triggers recreation, not in-place updates (#2302)
resource/cloudflare_tunnel: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#2281)
resource/cloudflare_tunnel_config: add support for import of cloudflare_tunnel_config (#2298)
resource/cloudflare_tunnel_config: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#2281)
resource/cloudflare_tunnel_route: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#2281)
resource/cloudflare_worker_script: Add compatibility_date attribute (#2300)

BUG FIXES:

resource/cloudflare_ruleset: support cache rules for status range >= and =< operations (#2307)
resource/cloudflare_teams_account: fixes an issue where accounts that had never configured DLP payload logging would error upon reading this resource (#2284)

INTERNAL:

resource/cloudflare_ruleset: migrate from SDKv2 to terraform-plugin-framework (#2271)
test: swap SDKv2 testing harness to github.com/hashicorp/terraform-plugin-testing (#2272)

DEPENDENCIES:

provider: bumps actions/setup-go from 3 to 4 (#2291)
provider: bumps github.com/cloudflare/cloudflare-go from 0.62.0 to 0.63.0 (#2289)
provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.1.1 to 1.2.0 (#2314)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.25.1-0.20230317190757-53a4ec42ea7e to 2.26.0 (#2308)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.0 to 2.26.1 (#2315)

`v4.1.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_cloudflare_teams_rules: Add untrusted_cert setting to teams rules settings (#2256)
resource/cloudflare_teams_account: Add support for DLP payload logging public key (#2267)
resource/cloudflare_teams_rule: Add support for enabling DLP payload logging per-rule (#2267)
resource/cloudflare_waiting_room: add 'ru-RU' and 'fa-IR' to default_template_language field (#2262)

BUG FIXES:

resource/cloudflare_access_group: fixes an issue where Azure group rules with different identity provider ids would override each other (#2270)
resource/cloudflare_notification_policy: ensure all emails are saved if multiple email_integration values specified (#2248)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.61.0 to 0.62.0 (#2268)
provider: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2 (#2263)
provider: bumps golang.org/x/net from 0.7.0 to 0.8.0 (#2274)

`v4.0.0`

Compare Source

Warning Prior to upgrading you should ensure you have adequate backups in the event you need to rollback to version 3. This is a major version bump and involves backwards incompatible changes.

3.x to 4.x upgrade guide

BREAKING CHANGES:

datasource/cloudflare_waf_groups: removed in favour of cloudflare_rulesets (#2138)
datasource/cloudflare_waf_packages: removed in favour of cloudflare_rulesets (#2138)
datasource/cloudflare_waf_rules: removed in favour of cloudflare_rulesets (#2138)
provider: account_id is no longer available as a global configuration option. Instead, use the resource specific attributes. (#2139)
resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on cloudflare_access_application (#2136)
resource/cloudflare_access_rule: require explicit zone_id or account_id and remove implicit fallback to user level rules (#2157)
resource/cloudflare_account_member: account_id is now required (#2153)
resource/cloudflare_account_member: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_argo_tunnel: resource has been renamed to cloudflare_tunnel (#2135)
resource/cloudflare_ip_list: removed in favour of cloudflare_list (#2137)
resource/cloudflare_load_balancer: Migrate session_affinity_attributes from TypeMap to TypeSet (#1959)
resource/cloudflare_load_balancer: session_affinity_attributes.drain_duration is now TypeInt instead of TypeString (#1959)
resource/cloudflare_load_balancer_monitor: account_id is now required (#2153)
resource/cloudflare_load_balancer_monitor: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_load_balancer_pool: account_id is now required (#2153)
resource/cloudflare_load_balancer_pool: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_spectrum_application: edge_ip_connectivity is now nested under edge_ips as connectivity (#2219)
resource/cloudflare_spectrum_application: edge_ips.type is now a required field (#2219)
resource/cloudflare_spectrum_application: edge_ips now contains nested attributes other than IP ranges. type and connectivity have been added. edge_ips.ips contains the static IP addresses that used to reside at edge_ips. (#2219)
resource/cloudflare_waf_group: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_override: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_package: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_rule: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_workers_kv: account_id is now required (#2153)
resource/cloudflare_workers_kv: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_workers_kv_namespace: account_id is now required (#2153)
resource/cloudflare_workers_kv_namespace: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_workers_script: account_id is now required (#2153)
resource/cloudflare_workers_script: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_zone: account_id is now required (#2153)
resource/cloudflare_zone: no longer sets client.AccountID internally and relies on the resource provided value (#2154)

`v3.35.0`

Compare Source

FEATURES:

New Data Source: cloudflare_rulesets (#2220)

ENHANCEMENTS:

resource/cloudflare_argo_tunnel: mark tunnel_token as sensitive (#2231)
resource/cloudflare_device_settings_policy: Add new flag MS IP Exclusion for device policies (#2236)
resource/cloudflare_dlp_profile: Add new allowed_match_count field to profiles (#2210)

BUG FIXES:

resource/cloudflare_logpush_job: fixing typo in comment (#2238)
resource/cloudflare_record: always send tags object which allows removal of unwanted tags (#2205)
resource/cloudflare_tunnel_config: use correct notation for nested lists (#2235)

INTERNAL:

internal: bump Go version to 1.20 (#2243)

DEPENDENCIES:

provider: bump golang.org/x/net to v0.7.0 (#2245)
provider: bumps github.com/cloudflare/cloudflare-go from 0.60.0 to 0.61.0 (#2240)
provider: bumps github.com/hashicorp/terraform-plugin-framework-validators from 0.9.0 to 0.10.0 (#2227)
provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.8.0 to 0.9.0 (#2228)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.24.1 to 2.25.0 (#2239)
provider: bumps golang.org/x/net from 0.6.0 to 0.7.0 (#2241)

`v3.34.0`

Compare Source

BREAKING CHANGES:

datasource/cloudflare_waf_groups: removed with no current replacement (#2138)
datasource/cloudflare_waf_packages: removed with no current replacement (#2138)
datasource/cloudflare_waf_rules: removed with no current replacement (#2138)
provider: account_id is no longer available as a global configuration option. Instead, use the resource specific attributes. (#2139)
resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on cloudflare_access_application (#2136)
resource/cloudflare_access_rule: require explicit zone_id or account_id and remove implicit fallback to user level rules (#2157)
resource/cloudflare_account_member: account_id is now required (#2153)
resource/cloudflare_account_member: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_argo_tunnel: resource has been renamed to cloudflare_tunnel (#2135)
resource/cloudflare_ip_list: removed in favour of cloudflare_list (#2137)
resource/cloudflare_load_balancer: Migrate session_affinity_attributes from TypeMap to TypeSet (#1959)
resource/cloudflare_load_balancer: session_affinity_attributes.drain_duration is now TypeInt instead of TypeString (#1959)
resource/cloudflare_load_balancer_monitor: account_id is now required (#2153)
resource/cloudflare_load_balancer_monitor: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_load_balancer_pool: account_id is now required (#2153)
resource/cloudflare_load_balancer_pool: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_notification_policy: alert types block_notification_review_accepted and workers_uptime have been removed. (#2215)
resource/cloudflare_notification_policy: alert types g6_health_alert has been renamed to load_balancing_health_alert (#2215)
resource/cloudflare_notification_policy: alert types g6_pool_toggle_alert has been renamed to load_balancing_pool_enablement_alert (#2215)
resource/cloudflare_notification_policy: alert types scriptmonitor_alert_new_max_length_script_url has been renamed to scriptmonitor_alert_new_max_length_resource_url (#2215)
resource/cloudflare_notification_policy: alert types scriptmonitor_alert_new_scripts has been renamed to scriptmonitor_alert_new_resources (#2215)
resource/cloudflare_waf_group: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_override: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_package: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_rule: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_workers_kv: account_id is now required (#2153)
resource/cloudflare_workers_kv: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_workers_kv_namespace: account_id is now required (#2153)
resource/cloudflare_workers_kv_namespace: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_workers_script: account_id is now required (#2153)
resource/cloudflare_workers_script: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_zone: account_id is now required (#2153)
resource/cloudflare_zone: no longer sets client.AccountID internally and relies on the resource provided value (#2154)

FEATURES:

New Resource: cloudflare_mtls_certificate (#2182)
New Resource: cloudflare_queue (#2134)

ENHANCEMENTS:

resource/cloudflare_notification_policy: alert types block_notification_block_removed, fbm_dosd_attack, scriptmonitor_alert_new_max_length_resource_url, scriptmonitor_alert_new_resources, tunnel_health_event, tunnel_update_event have been added. (#2215)
resource/cloudflare_ruleset: Preserve IDs of unmodified rules when updating rulesets (#2172)
resource/cloudflare_ruleset: add support for score_per_period and score_response_header_name (#2177)
resource/cloudflare_worker_script: add support for queue_binding (#2134)

BUG FIXES:

resource/cloudflare_account_member: allow status to be computed when not provided (#2217)
resource/cloudflare_page_rule: fix failing page rules acceptance tests (#2213)
resource/cloudflare_page_rule: make cache_key_fields optional to align with API constraints (#2192)
resource/cloudflare_page_rule: remove empty cookie and header fields when applying this resource (#2208)
resource/cloudflare_pages_project: changing name will now force recreation of the project (#2216)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.59.0 to 0.60.0 (#2204)
provider: bumps goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2201)

`v3.33.1`

Compare Source

BUG FIXES:

provider: remove conflicting ExactlyOneOf schema validation from framework schema (#2185)

`v3.33.0`

Compare Source

BREAKING CHANGES:

datasource/cloudflare_waf_groups: removed with no current replacement (#2138)
datasource/cloudflare_waf_packages: removed with no current replacement (#2138)
datasource/cloudflare_waf_rules: removed with no current replacement (#2138)
provider: account_id is no longer available as a global configuration option. Instead, use the resource specific attributes. (#2139)
resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on cloudflare_access_application (#2136)
resource/cloudflare_access_rule: require explicit zone_id or account_id and remove implicit fallback to user level rules (#2157)
resource/cloudflare_account_member: account_id is now required (#2153)
resource/cloudflare_account_member: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_argo_tunnel: resource has been renamed to cloudflare_tunnel (#2135)
resource/cloudflare_ip_list: removed in favour of cloudflare_list (#2137)
resource/cloudflare_load_balancer_monitor: account_id is now required (#2153)
resource/cloudflare_load_balancer_monitor: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_load_balancer_pool: account_id is now required (#2153)
resource/cloudflare_load_balancer_pool: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_waf_group: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_override: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_package: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_waf_rule: removed in favour of cloudflare_ruleset (#2138)
resource/cloudflare_workers_kv: account_id is now required (#2153)
resource/cloudflare_workers_kv: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_workers_kv_namespace: account_id is now required (#2153)
resource/cloudflare_workers_kv_namespace: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_workers_script: account_id is now required (#2153)
resource/cloudflare_workers_script: no longer sets client.AccountID internally and relies on the resource provided value (#2154)
resource/cloudflare_zone: account_id is now required (#2153)
resource/cloudflare_zone: no longer sets client.AccountID internally and relies on the resource provided value (#2154)

ENHANCEMENTS:

provider: mux terraform-plugin-sdk/v2 and terraform-plugin-framework (#2170)
resource/cloudflare_access_group: supports ip_list property. (#2073)
resource/cloudflare_access_organization: add support for user_seat_expiration_inactive_time (#2115)
resource/cloudflare_ruleset: do not let edge_ttl: default be zero (#2143)
resource/cloudflare_teams_accounts: adds support for mailto_address and mailto_subject blockpage settings (#2146)
resource/cloudflare_teams_rules: adds egress rule settings. (#2159)

BUG FIXES:

resource/cloudflare_record: fix issue with DNS comments and tags not being set for new records (#2148)

DEPENDENCIES:

provider: bumps dependabot/fetch-metadata from 1.3.5 to 1.3.6 (#2183)
provider: bumps github.com/cloudflare/cloudflare-go from 0.58.1 to 0.59.0 (#2166)

`v3.32.0`

Compare Source

FEATURES:

New Resource: cloudflare_device_managed_networks (#2126)

ENHANCEMENTS:

provider: X-Auth-Email, X-Auth-Key, X-Auth-User-Service-Key and Authorization values are now automatically redacted from debug logs (#2123)
provider: use inbuilt cloudflare-go logger for HTTP interactions (#2123)
resource/cloudflare_device_posture_rule: add ability to create crowdstrike s2s posture rule creation (#2128)
resource/cloudflare_origin_ca: support all authentication schemes (#2124)
resource/cloudflare_pages_project: adds support for always_use_latest_compatibility_date, fail_open, service_binding and usage_model (#2083)
resource/cloudflare_record: add support for tags and comments. (#2105)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.57.1 to 0.58.1 (#2122)

`v3.31.0`

Compare Source

NOTES:

resource/cloudflare_worker_script: supports explicit account_id instead of inheriting global values (#2102)

FEATURES:

New Resource: cloudflare_tiered_cache (#2101)

ENHANCEMENTS:

resource/cloudflare_access_application: makes allowed_idps type to set (#2094)
resource/cloudflare_custom_hostname: add support for defining custom metadata (#2107)

BUG FIXES:

resource/cloudflare_api_shield: allow for empty auth_id_characteristics (#2091)
resource/cloudflare_ruleset: allow edge_ttl -> default to be optional (#2097)

DEPENDENCIES:

provider: bumps actions/stale from 6 to 7 (#2098)
provider: bumps github.com/cloudflare/cloudflare-go from 0.56.0 to 0.57.0 (#2102)

`v3.30.0`

Compare Source

FEATURES:

New Data Source: cloudflare_load_balancer_pools (#1228)
New Resource: cloudflare_url_normalization_settings (#1878)

ENHANCEMENTS:

resource/cloudflare_workers_script: add support for analytics_engine_binding bindings (#2051)

BUG FIXES:

resource/access_application: fix issue where session_duration always showed a diff for bookmark apps (#2076)
resource/cloudflare_ruleset: fix issue where SSL setting is based of security level (#2088)
resource/cloudflare_split_tunnel: handle nested attribute changes and ignore ordering (#2066)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.55.0 to 0.56.0 (#2075)
provider: bumps goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#2087)

`v3.29.0`

Compare Source

NOTES:

datasource/api_token_permission_groups: permissions attribute has been deprecated in favour of individual resource level attributes. (#1960)

FEATURES:

New Resource: cloudflare_device_settings_policy (#1926)
New Resource: cloudflare_tunnel_config (#2041)

ENHANCEMENTS:

resource/cloudflare_fallback_domain: Add creating fallback domains for device policies (#1926)
resource/cloudflare_logpush_job: add support for workers_trace_events (#2025)
resource/cloudflare_origin_ca_certificate: add logic to renew certificate and add a new flag to set if we should renew earlier (#2048)
resource/cloudflare_origin_ca_certificate: trigger a replacement when csr is changed (#2055)
resource/cloudflare_origin_ca_certificate: trigger a replacement when validity is changed (#2046)
resource/cloudflare_pages_domain: add note about needing to make a separate cloudflare_record. (#2060)
resource/cloudflare_pages_project: add note about linking git accounts to Cloudflare account. (#2060)
resource/cloudflare_ruleset: add support for importing existing resources (#2054)
resource/cloudflare_split_tunnel: Add configuring split tunnel for device policies (#1926)
resource/cloudflare_workers_kv: add support for explicitly setting account_id on the resource (#2049)
resource/cloudflare_workers_kv_namespace: add support for explicitly setting account_id on the resource (#2049)
resource/cloudflare_workers_kv_namespace: swap internals to use new method signatures from cloudflare-go release (#2049)

BUG FIXES:

datasource/api_token_permission_groups: add user, account and zone attributes to contain only those specific resource level permissions. (#1960)
resource/access_policy: Fix issue where only last SAML rule group was applied in Access policy (#2033)
resource/cloudflare_account: Fix uninitialized cloudflare.Account.Settings (#2034)
resource/cloudflare_custom_hostname: remove ForceNew on wait_for_ssl_pending_validation (#2027)
resource/cloudflare_list: Do not reapply changes if only list order changed. (#2063)
resource/cloudflare_record: Fix null MX record creation (#2038)
resource/cloudflare_spectrum_application: ignore ordering of edge_ips (#2032)
resource/cloudflare_workers_kv: key changes force creation of a new resource (#2044)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.54.0 to 0.55.0 (#2049)

`v3.28.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_zone: add new plans for zone subscriptions (#2023)

BUG FIXES:

resource/access_application: Fix issue where empty CORS headers state causes panics (#2010)

DEPENDENCIES:

provider: bumps dependabot/fetch-metadata from 1.3.4 to 1.3.5 (#2008)
provider: bumps github.com/cloudflare/cloudflare-go from 0.53.0 to 0.54.0 (#2016)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.24.0 to 2.24.1 (#2024)

`v3.27.0`

Compare Source

FEATURES:

New Resource: cloudflare_access_organization (#1961)
New Resource: cloudflare_dlp_profile (#1984)
New Resource: cloudflare_total_tls (#1979)
New Resource: cloudflare_waiting_room_rules (#1957)

ENHANCEMENTS:

resource/cloudflare_access_application: add support for app_launcher, biso, dash_sso and warp to the schema (#1988)
resource/cloudflare_load_balancer_monitor: support defining explicit account_id for resources (#1986)
resource/cloudflare_load_balancer_pool: support defining explicit account_id for resources (#1986)
resource/cloudflare_logpush_job: add support for "access_requests" dataset parameter (#2001)
resource/cloudflare_teams_list: handle pagination for larger Team List accounts (#1706)
test: use T.Setenv to set env vars in provider tests (#1985)

BUG FIXES:

resource/cloudflare_access_group: fix issue where policy groups were always showing a diff during plans (#1983)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.52.0 to 0.53.0 (#1995)
provider: bumps github.com/stretchr/testify from 1.8.0 to 1.8.1 (#1993)

`v3.26.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_custom_hostname: Add wait_for_ssl_pending_validation attribute (#1953)
resource/cloudflare_device_posture_rule: Add chromeos and unique_client_id values (#1950)
resource/cloudflare_load_balancer: Migrate to autogen docs, improve docs (#1954)
resource/cloudflare_pages_domain: add Pages project domain importer. (#1973)
resource/cloudflare_ruleset: add support for overriding sensitivity levels for ruleset rules (#1965)

BUG FIXES:

resource/cloudflare_byo_ip_prefix: set correct prefix ID for the byoip prefix during import. (#1951)
resource/cloudflare_custom_ssl: check GeoRestrictions is not nil before attempting to compare it (#1964)
resource/cloudflare_pages_project: add defaults to Pages project deployment config (#1973)
resource/cloudflare_zone_settings_override: Fetch/modify origin_max_http_version as a single setting. (#1805)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.51.0 to 0.52.0 (#1962)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.23.0 to 2.24.0 (#1969)
provider: bumps goreleaser/goreleaser-action from 3.1.0 to 3.2.0 (#1977)

`v3.25.0`

Compare Source

NOTES:

resource/device_posture_rule: update device posture rule to reflect new linux posture fields (#1842)

ENHANCEMENTS:

resource/cloudflare_account_member: permit setting status in terraform schema if desired (#1920)
resource/cloudflare_email_routing_catch_all: switch to a dedicated scheme to allow type = "drop" (#1947)
resource/cloudflare_load_balancer: Add support for adaptive_routing, location_strategy, random_steering, and zero_downtime_failover (#1941)
resource/cloudflare_load_balancer: update internal method signatures to match upstream library (#1932)
resource/cloudflare_load_balancer_monitor: update internal method signatures to match upstream library (#1932)
resource/cloudflare_load_balancer_pool: update internal method signatures to match upstream library (#1932)

BUG FIXES:

provider: allow individual setting of x-auth-service-key (#1923)
provider: fix versioning injection during release builds (#1935)
resource/cloudflare_byo_ip_prefix: fix Import to set account_id (#1930)
resource/cloudflare_record: update Read method to pull from remote API instead of local configuration which is empty during Import (#1942)
resource/cloudflare_zone_settings_override: Fix array manipulation bug related to single zone settings (#1925)

DEPENDENCIES:

provider: bumps actions/stale from 5 to 6 (#1922)
provider: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4 (#1945)

`v3.24.0`

Compare Source

NOTES:

resource/cloudflare_access_bookmark: Bookmark resource is deprecated in favor of using the cloudflare_access_application resource. (#1914)
resource/cloudflare_email_routing_rule: Fix example resource to use correct syntax (#1895)
resource/cloudflare_email_routing_rule_catch_all: Fix example resource to use correct syntax (#1895)

FEATURES:

New Data Source: cloudflare_accounts (#1899)
New Data Source: cloudflare_record (#1906)
New Resource: cloudflare_account (#1902)
New Resource: cloudflare_user_agent_blocking_rule (#1894)

ENHANCEMENTS:

resource/cloudflare_pages_project: Adds importer for pages_project (#1886)
tools: add devcontainer for local development (#1892)

BUG FIXES:

provider: allow setting api_user_service_key without token and/or key (#1907)
resource/cloudflare_load_balancer_monitor: fix detection of headers values changing (#1903)
resource/cloudflare_pages_project: fix null source on project create (#1898)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.49.0 to 0.50.0 (#1910)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.21.0 to 2.22.0 (#1900)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.22.0 to 2.23.0 (#1913)

`v3.23.0`

Compare Source

FEATURES:

New Resource: cloudflare_api_shield (#1874)
New Resource: cloudflare_email_routing_address (#1856)
New Resource: cloudflare_email_routing_catch_all (#1856)
New Resource: cloudflare_email_routing_rules (#1856)
New Resource: cloudflare_email_routing_settings (#1856)
New Resource: cloudflare_web3_hostname (#1882)

ENHANCEMENTS:

resource/cloudflare_access_service_token: updates internals to allow in place refreshing instead of full replacement based on the expires_at and min_days_for_renewal values (#1872)
resource/cloudflare_pages_domain: Adds support for Pages domains (#1835)
resource/cloudflare_pages_project: Adds support for Pages Projects (#1835)
resource/cloudflare_record: Add HTTPS DNS record type (#1887)
resource/cloudflare_worker: provide js module option to allow service bindings (#1865)

BUG FIXES:

resource/cloudflare_authenticated_origin_pulls: fix improper handling of enabled=false (#1861)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.48.0 to 0.49.0 (#1871)
provider: bumps github.com/golangci/golangci-lint from 1.48.0 to 1.49.0 (#1855)
provider: bumps goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#1868)

`v3.22.0`

Compare Source

NOTES:

update local setup documentation to reflect newer required Go version (#1847)

ENHANCEMENTS:

resource/cloudflare_ruleset: add support for http_config_settings (#1837)
resources/worker_script: add support for r2_bucket_binding (#1825)

BUG FIXES:

resource/cloudflare_fallback_domain: fix perpetual changes due to ordering (#1828)
resource/cloudflare_notification_policy: add missing alert types and filters to validation and docs (#1830)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.46.0 to 0.47.1 (#1844)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.20.0 to 2.21.0 (#1838)
provider: bumps github.com/hcloudflare-go from 0.47.1 to 0.48.0 (#1848)

`v3.21.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_page_rule: Removed always_online from page rules since this action has been decommissioned from page rules (#1817)

ENHANCEMENTS:

resource/cloudflare_custom_ssl: handle when remote ID changes during updates (#1824)
resource/cloudflare_ruleset: add support and configuration for serve_errors action (#1794)
resource/cloudflare_ruleset: add support for sni override in route action (#1816)

BUG FIXES:

resource/cloudflare_account_member: actually use the account_id value (#1823)
resource/cloudflare_zone_settings_override: add missing allowed value of 120 for browser_cache_ttl (#1822)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.45.0 to 0.46.0 (#1815)
provider: bumps github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 (#1813)
provider: bumps github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 (#1820)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.19.0 to 2.20.0 (#1804)

`v3.20.0`

Compare Source

BREAKING CHANGES:

resource/cloudflare_healthcheck: deprecates notification_email_addresses and notification_suspended in favour of cloudflare_notification_policy (#1789)

NOTES:

resource/cloudflare_access_rule: this resource now supports an explicit account_id instead of the implied one from the client configuration. You should update your configuration to include account_id and remove permadiffs. (#1790)
resource/cloudflare_account_member: this resource now supports an explicit account_id instead of the implied one from the client configuration. You should update your configuration to include account_id and remove permadiffs. (#1767)
resource/cloudflare_certificate_pack: remove references to long-deprecated dedicated certs (replaced by advanced) (#1778)
resource/cloudflare_rulesets: Cache Rules use cache flag instead of bypass_cache (#1785)
resource/cloudflare_zone: this resource now supports an explicit account_id instead of the implied one from the client configuration. You should update your configuration to include account_id and remove permadiffs. (#1767)

ENHANCEMENTS:

resource/cloudflare_access_application: Add support for Saas applications (#1762)
resource/cloudflare_access_rule: add support for account_id (#1790)
resource/cloudflare_account_member: add support for account_id (#1767)
resource/cloudflare_api_token: add support for not_before and expires_on (#1792)
resource/cloudflare_certificate_pack: fix some of the custom hostname docs copy (#1778)
resource/cloudflare_certificate_pack: update the list of allowed certificate authorities (#1778)
resource/cloudflare_load_balancer: Add support for LB country pools (#1797)
resource/cloudflare_managed_headers: swap filtering to use API instead of custom logic (#1765)
resource/cloudflare_ruleset: add support for from_value action parameter when using redirect action (#1781)
resource/cloudflare_zone: add support for account_id (#1767)

BUG FIXES:

resource/cloudflare_waiting_room: fix default waiting room session_duration and path values (#1766)
resource/cloudflare_zone_lockdown: Fix crash when logging upstream error message (#1777)

DEPENDENCIES:

provider: bumps github.com/cloudflare/cloudflare-go from 0.44.0 to 0.45.0 (#1793)
provider: bumps github.com/golangci/golangci-lint from 1.46.2 to 1.47.0 (#1786)
provider: bumps github.com/golangci/golangci-lint from 1.47.0 to 1.47.1 (#1788)
provider: bumps github.com/golangci/golangci-lint from 1.47.1 to 1.47.2 (#1795)
provider: bumps github.com/hashicorp/terraform-plugin-log from 0.4.1 to 0.5.0 (#1773)
provider: bumps github.com/hashicorp/terraform-plugin-log from 0.5.0 to 0.6.0 (#1780)
provider: bumps github.com/hashicorp/terraform-plugin-log from 0.6.0 to 0.7.0 (#1798)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.18.0 to 2.19.0 (#1779)

`v3.19.0`

Compare Source

ENHANCEMENTS:

resource/cloudflare_ipsec_tunnel: add allow_null_cipher to ipsec tunnel (#1736)
resource/cloudflare_record: Validate that DNS record names are non-empty (#1740)
resource/cloudflare_ruleset: add support for from_list action parameter when using redirect action (#1744)
resource/cloudflare_waiting_room: Add queueing_method field. (#1759)
resource/cloudflare_workers_script: add support for service_binding bindings (#1760)
resource/cloudflare_zone_settings_override: Add support for origin_max_http_version (#1755)

BUG FIXES:

resource/cloudflare_list: fix default values for redirect list updates (#1746)
resource/cloudflare_logpush_job: fix logpush job name validation regex (#1743)
resource/cloudflare_tunnel_route: Fix incorrect indexing of resource data id attributes (#1753)

DEPENDENCIES:

provider: bumps dependabot/fetch-metadata from 1.3.1 to 1.3.2 (#1747)
provider: bumps dependabot/fetch-metadata from 1.3.2 to 1.3.2 (#1748)
provider: bumps github.com/cloudflare/cloudflare-go from 0.43.0 to 0.44.0 (#1757)
provider: bumps github.com/hashicorp/terraform-plugin-docs from 0.12.0 to 0.13.0 (#1763)
provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.17.0 to 2.18.0 (#1758)
provider: bumps github.com/stretchr/testify from 1.7.5 to 1.8.0 (#1738)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Sep 18, 2024 by Dylan Smith

chore(deps): update terraform cloudflare to v4

Release Notes

Configuration

Merge request reports