chore(deps): update terraform cloudflare to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudflare (source)	required_provider	major	3.27.0 -> 4.8.0

---

Release Notes

cloudflare/terraform-provider-cloudflare

v4.8.0

Compare Source

BREAKING CHANGES:

• resource/cloudflare_ruleset: Prevent the rule ID, version and last updated attributes from being set (#​2511)

ENHANCEMENTS:

• cloudflare_pages_project: add placement to deployment config (#​2480)
• resource/access_application: add support for self_hosted_domains (#​2441)
• resource/cloudflare_custom_hostname: add support for bundle_method TLS configuration (#​2494)
• resource/cloudflare_device_posture_rule: add ability to create intune and kolide s2s posture rule creation (#​2474)
• resource/cloudflare_device_settings_policy: add description to device settings policy (#​2474)
• resource/cloudflare_load_balancer: Add support for least_outstanding_requests steering (#​2472)
• resource/cloudflare_load_balancer_pool: Add support for least_outstanding_requests origin steering (#​2472)
• resource/cloudflare_page_rule: removes ability to set wildcards for include and exclude, provides guidance on proper values to use instead (#​2491)
• resource/cloudflare_teams_account: add ability to set root_ca for ZT Accounts (#​2474)

BUG FIXES:

• cloudflare_pages_project: use user provided configuration for secrets in the state handler since the API does not return them (#​2480)
• resource/cloudflare_certificate_pack: handle UI deletion scenarios for HTTP 404s and status = "deleted" responses (#​2497)
• resource/cloudflare_custom_hostname: use user provided values for state management when the API response isn't provided (#​2494)
• resource/cloudflare_origin_ca_certificate: mark csr as Required (#​2496)
• resource/cloudflare_ruleset: Mark that the ruleset must be re-created if the shareable entitlement name attribute changes (#​2511)
• resource/cloudflare_ruleset: Populate the rule ID, ref, version and last updated attributes in API requests and from API responses (#​2511)
• resource/cloudflare_ruleset: Populate the shareable entitlement name attribute in API requests and from API responses (#​2511)
• resource/cloudflare_ruleset: handle Import operations where the required values are missing for providing a nicer error message (#​2503)

DEPENDENCIES:

• provider: bumps github.com/cloudflare/cloudflare-go from 0.68.0 to 0.69.0 (#​2507)
• provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.2.0 to 1.3.0 (#​2509)
• provider: bumps github.com/hashicorp/terraform-plugin-log from 0.8.0 to 0.9.0 (#​2489)
• provider: bumps github.com/hashicorp/terraform-plugin-testing from 1.2.0 to 1.3.0 (#​2524)
• provider: bumps golang.org/x/net from 0.10.0 to 0.11.0 (#​2523)
• provider: bumps goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#​2519)

v4.7.1

Compare Source

BUG FIXES:

• resource/cloudflare_list: remove IsIPAddress validation that doesn't take into account CIDR notation (#​2486)

v4.7.0

Compare Source

NOTES:

• resource/cloudflare_filter: This resource is being deprecated in favor of the cloudflare_rulesets resource. See https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users for more details. (#​2442)
• resource/cloudflare_firewall_rule: This resource is being deprecated in favor of the cloudflare_rulesets resource. See https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users for more details. (#​2442)

FEATURES:

• New Resource: cloudflare_r2_bucket (#​2378)

ENHANCEMENTS:

• resource/cloudflare_account: provide account ID for error handling in resourceCloudflareAccountDelete (#​2436)
• resource/cloudflare_device_posture_integration: add api_url to uptycs posture integration config. (#​2468)
• resource/cloudflare_list: add support for Hostname and ASN lists. (#​2483)
• resource/cloudflare_tunnel_config: add support for origin config on ingress rule and access (#​2477)

BUG FIXES:

• resource/cloudflare_logpush_job: Properly set dataset field when importing logpush jobs (#​2444)
• resource/cloudflare_pages_project: suggest a better default value for root_dir (#​2440)
• resource/cloudflare_ruleset: Validation of ttls for action_parameters with edge_ttl or browser_ttl mode of override_origin (#​2454)
• resource/cloudflare_workers_kv: Fix import to properly parse the id (#​2434)

DEPENDENCIES:

• provider: bumps dependabot/fetch-metadata from 1.4.0 to 1.5.0 (#​2463)
• provider: bumps dependabot/fetch-metadata from 1.5.0 to 1.5.1 (#​2469)
• provider: bumps github.com/cloudflare/cloudflare-go from 0.67.0 to 0.68.0 (#​2466)
• provider: bumps github.com/stretchr/testify from 1.8.2 to 1.8.3 (#​2457)
• provider: bumps github.com/stretchr/testify from 1.8.3 to 1.8.4 (#​2484)

v4.6.0

Compare Source

ENHANCEMENTS:

• resource/cloudflare_ruleset: add support for auto compression in the compress_response action (#​2409)
• resource/cloudflare_waiting_room_settings: add support for waiting room zone-level settings. (#​2419)

BUG FIXES:

• resource/cloudflare_notification_policy: Fix unexpected crashes when setting target_hostname with a filters attribute (#​2425)
• resource/cloudflare_ruleset: allow FromValue.PreserveQueryString to be nullable and handled correctly (#​2414)
• resource/cloudflare_ruleset: allow using 0 as an edge TTL value without conflicting with Go types for zeros (#​2415)
• resource/cloudflare_turnstile_widget: align schema to match what is returned by the API and fix updating the widget (#​2413)

DEPENDENCIES:

• provider: bumps github.com/cloudflare/cloudflare-go from 0.66.0 to 0.67.0 (#​2429)
• provider: bumps golang.org/x/net from 0.9.0 to 0.10.0 (#​2421)

v4.5.0

Compare Source

FEATURES:

• New Resource: cloudflare_regional_hostname (#​2396)
• New Resource: cloudflare_turnstile_widget (#​2380)

ENHANCEMENTS:

• resource/cloudflare_device_posture_rule: Add support for sentinelone type. (#​2279)
• resource/cloudflare_logpush_job: Fix schema for logpush job dataset field (#​2397)
• resource/cloudflare_logpush_job: add max upload parameters (#​2394)
• resource/cloudflare_logpush_job: add support for device_posture_results and zero_trust_network_sessions. (#​2405)
• resource/cloudflare_notification_policy: Added support for setting Megabits per second threshold for dos alert in Cloudflare notification policy resource. (#​2404)
• resource/cloudflare_pages_project: added secrets to Pages project. Secrets are encrypted environment variables, ideal for secrets such as API tokens. See documentation here: https://developers.cloudflare.com/pages/platform/functions/bindings/#secrets (#​2399)
• resource/cloudflare_ruleset: add support for the compress_response action (#​2372)
• resource/cloudflare_ruleset: add support for the http_response_compression phase (#​2372)

BUG FIXES:

• resource/cloudflare_load_balancer: fixes random_steering being unset on value updates (#​2403)
• resource/cloudflare_pages_project: fixes pages project acceptance test (#​2402)
• resource/cloudflare_ruleset: ensure custom cache keys using query parameters are defined as known values for state handling (#​2388)

DEPENDENCIES:

• provider: bumps github.com/cloudflare/cloudflare-go from 0.65.0 to 0.66.0 (#​2398)
• provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.9.0 to 0.10.0 (#​2395)

v4.4.0

Compare Source

NOTES:

• resource/cloudflare_ruleset: introduced future deprecation warning for the http_request_sbfm phase. (#​2382)

ENHANCEMENTS:

• resource/cloudflare_access_organization: Add auto_redirect_to_identity flag (#​2356)
• resource/cloudflare_access_policy: Add isolation_required flag (#​2351)
• resource/cloudflare_tunnel: Adds config_src parameter (#​2369)
• resource/cloudflare_worker_script: Add logpush attribute (#​2375)

INTERNAL:

• scripts/generate-changelog-entry: make error message match the executable we are expecting (#​2357)

DEPENDENCIES:

• provider: bumps dependabot/fetch-metadata from 1.3.6 to 1.4.0 (#​2383)
• provider: bumps github.com/cloudflare/cloudflare-go from 0.64.0 to 0.65.0 (#​2370)
• provider: bumps golang.org/x/net from 0.8.0 to 0.9.0 (#​2359)
• provider: bumps peter-evans/create-or-update-comment from 2 to 3 (#​2355)

v4.3.0

Compare Source

NOTES:

• adds support for a basic flox environment project (#​2345)

FEATURES:

• New Resource: cloudflare_device_dex_tests (#​2250)
• New Resource: cloudflare_worker_domain (#​2339)

ENHANCEMENTS:

• resource/cloudflare_access_group: Add example of usage of Azure (#​2332)
• resource/cloudflare_access_identity_provider: add claims and scopes fields (#​2313)
• resource/cloudflare_access_identity_provider: add ability for users to enable SCIM provisioning on their Identity Providers (#​2147)
• resource/cloudflare_device_posture_integration: add support for managing kolide third party posture provider. (#​2321)
• resource/cloudflare_device_settings_policy: use new cloudflare.ServiceMode type (#​2331)
• resource/cloudflare_ruleset: enforce schema validation of conflicting cache key parameters (#​2326)
• resource/cloudflare_teams_rules: updated gateway rule action audit ssh and rule settings (#​2303)
• resource/cloudflare_worker_script: Add compatibility_flags attribute (#​2324)
• resources/device_settings_policy: add validation for possible service_mode_v2_mode values (#​2331)

BUG FIXES:

• datasource/cloudflare_devices: Fix cloudflare_devices data source to return devices correctly and not error (#​2348)
• resource/cloudflare_custom_ssl: fix json sent to API when geo_restrictions are not used (#​2319)

DEPENDENCIES:

• provider: bumps actions/stale from 7 to 8 (#​2322)
• provider: bumps github.com/cloudflare/cloudflare-go from 0.63.0 to 0.64.0 (#​2344)
• provider: bumps github.com/hashicorp/terraform-plugin-go from 0.14.3 to 0.15.0 (#​2333)
• provider: bumps github.com/hashicorp/terraform-plugin-testing from 1.1.0 to 1.2.0 (#​2320)

v4.2.0

Compare Source

BREAKING CHANGES:

• resource/cloudflare_ruleset: status has been removed in favour of enabled now that the workaround for zero values is no longer required (#​2271)

NOTES:

• cloudflare_ruleset has been migrated to the terraform-plugin-framework in doing so addresses issues with the internal representation of zero values. A downside to this is that to get the full benefits, you will need to remove the resource from your Terraform state (terraform state rm ...) and then import the resource back into your state. Along with this, you will need to update any references to status which was the previous workaround for the enabled values. If you have status = "enabled" you will need to replace it with enabled = true and similar for status = "disabled" to be replaced with enabled = false. (#​2271)

FEATURES:

• New Data Source: cloudflare_list (#​2296)
• New Data Source: cloudflare_lists (#​2296)
• New Resource: cloudflare_address_map (#​2290)
• New Resource: cloudflare_list_item (#​2304)

ENHANCEMENTS:

• resource/access_organization: add ui_read_only_toggle_reason field (#​2175)
• resource/cloudflare_device_posture_rule: Support check_disks in the input block schema. (#​2280)
• resource/cloudflare_notification_policy_webhooks: ensure url triggers recreation, not in-place updates (#​2302)
• resource/cloudflare_tunnel: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#​2281)
• resource/cloudflare_tunnel_config: add support for import of cloudflare_tunnel_config (#​2298)
• resource/cloudflare_tunnel_config: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#​2281)
• resource/cloudflare_tunnel_route: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#​2281)
• resource/cloudflare_worker_script: Add compatibility_date attribute (#​2300)

BUG FIXES:

• resource/cloudflare_ruleset: support cache rules for status range >= and =< operations (#​2307)
• resource/cloudflare_teams_account: fixes an issue where accounts that had never configured DLP payload logging would error upon reading this resource (#​2284)

INTERNAL:

• resource/cloudflare_ruleset: migrate from SDKv2 to terraform-plugin-framework (#​2271)
• test: swap SDKv2 testing harness to github.com/hashicorp/terraform-plugin-testing (#​2272)

DEPENDENCIES:

• provider: bumps actions/setup-go from 3 to 4 (#​2291)
• provider: bumps github.com/cloudflare/cloudflare-go from 0.62.0 to 0.63.0 (#​2289)
• provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.1.1 to 1.2.0 (#​2314)
• provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.25.1-0.20230317190757-53a4ec42ea7e to 2.26.0 (#​2308)
• provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.0 to 2.26.1 (#​2315)

v4.1.0

Compare Source

ENHANCEMENTS:

• resource/cloudflare_cloudflare_teams_rules: Add untrusted_cert setting to teams rules settings (#​2256)
• resource/cloudflare_teams_account: Add support for DLP payload logging public key (#​2267)
• resource/cloudflare_teams_rule: Add support for enabling DLP payload logging per-rule (#​2267)
• resource/cloudflare_waiting_room: add 'ru-RU' and 'fa-IR' to default_template_language field (#​2262)

BUG FIXES:

• resource/cloudflare_access_group: fixes an issue where Azure group rules with different identity provider ids would override each other (#​2270)
• resource/cloudflare_notification_policy: ensure all emails are saved if multiple email_integration values specified (#​2248)

DEPENDENCIES:

• provider: bumps github.com/cloudflare/cloudflare-go from 0.61.0 to 0.62.0 (#​2268)
• provider: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2 (#​2263)
• provider: bumps golang.org/x/net from 0.7.0 to 0.8.0 (#​2274)

v4.0.0

Compare Source

Warning Prior to upgrading you should ensure you have adequate backups in the event you need to rollback to version 3. This is a major version bump and involves backwards incompatible changes.

3.x to 4.x upgrade guide

BREAKING CHANGES:

• datasource/cloudflare_waf_groups: removed in favour of cloudflare_rulesets (#​2138)
• datasource/cloudflare_waf_packages: removed in favour of cloudflare_rulesets (#​2138)
• datasource/cloudflare_waf_rules: removed in favour of cloudflare_rulesets (#​2138)
• provider: account_id is no longer available as a global configuration option. Instead, use the resource specific attributes. (#​2139)
• resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on cloudflare_access_application (#​2136)
• resource/cloudflare_access_rule: require explicit zone_id or account_id and remove implicit fallback to user level rules (#​2157)
• resource/cloudflare_account_member: account_id is now required (#​2153)
• resource/cloudflare_account_member: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_argo_tunnel: resource has been renamed to cloudflare_tunnel (#​2135)
• resource/cloudflare_ip_list: removed in favour of cloudflare_list (#​2137)
• resource/cloudflare_load_balancer: Migrate session_affinity_attributes from TypeMap to TypeSet (#​1959)
• resource/cloudflare_load_balancer: session_affinity_attributes.drain_duration is now TypeInt instead of TypeString (#​1959)
• resource/cloudflare_load_balancer_monitor: account_id is now required (#​2153)
• resource/cloudflare_load_balancer_monitor: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_load_balancer_pool: account_id is now required (#​2153)
• resource/cloudflare_load_balancer_pool: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_spectrum_application: edge_ip_connectivity is now nested under edge_ips as connectivity (#​2219)
• resource/cloudflare_spectrum_application: edge_ips.type is now a required field (#​2219)
• resource/cloudflare_spectrum_application: edge_ips now contains nested attributes other than IP ranges. type and connectivity have been added. edge_ips.ips contains the static IP addresses that used to reside at edge_ips. (#​2219)
• resource/cloudflare_waf_group: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_override: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_package: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_rule: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_workers_kv: account_id is now required (#​2153)
• resource/cloudflare_workers_kv: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_workers_kv_namespace: account_id is now required (#​2153)
• resource/cloudflare_workers_kv_namespace: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_workers_script: account_id is now required (#​2153)
• resource/cloudflare_workers_script: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_zone: account_id is now required (#​2153)
• resource/cloudflare_zone: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)

v3.35.0

Compare Source

FEATURES:

• New Data Source: cloudflare_rulesets (#​2220)

ENHANCEMENTS:

• resource/cloudflare_argo_tunnel: mark tunnel_token as sensitive (#​2231)
• resource/cloudflare_device_settings_policy: Add new flag MS IP Exclusion for device policies (#​2236)
• resource/cloudflare_dlp_profile: Add new allowed_match_count field to profiles (#​2210)

BUG FIXES:

• resource/cloudflare_logpush_job: fixing typo in comment (#​2238)
• resource/cloudflare_record: always send tags object which allows removal of unwanted tags (#​2205)
• resource/cloudflare_tunnel_config: use correct notation for nested lists (#​2235)

INTERNAL:

• internal: bump Go version to 1.20 (#​2243)

DEPENDENCIES:

• provider: bump golang.org/x/net to v0.7.0 (#​2245)
• provider: bumps github.com/cloudflare/cloudflare-go from 0.60.0 to 0.61.0 (#​2240)
• provider: bumps github.com/hashicorp/terraform-plugin-framework-validators from 0.9.0 to 0.10.0 (#​2227)
• provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.8.0 to 0.9.0 (#​2228)
• provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.24.1 to 2.25.0 (#​2239)
• provider: bumps golang.org/x/net from 0.6.0 to 0.7.0 (#​2241)

v3.34.0

Compare Source

BREAKING CHANGES:

• datasource/cloudflare_waf_groups: removed with no current replacement (#​2138)
• datasource/cloudflare_waf_packages: removed with no current replacement (#​2138)
• datasource/cloudflare_waf_rules: removed with no current replacement (#​2138)
• provider: account_id is no longer available as a global configuration option. Instead, use the resource specific attributes. (#​2139)
• resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on cloudflare_access_application (#​2136)
• resource/cloudflare_access_rule: require explicit zone_id or account_id and remove implicit fallback to user level rules (#​2157)
• resource/cloudflare_account_member: account_id is now required (#​2153)
• resource/cloudflare_account_member: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_argo_tunnel: resource has been renamed to cloudflare_tunnel (#​2135)
• resource/cloudflare_ip_list: removed in favour of cloudflare_list (#​2137)
• resource/cloudflare_load_balancer: Migrate session_affinity_attributes from TypeMap to TypeSet (#​1959)
• resource/cloudflare_load_balancer: session_affinity_attributes.drain_duration is now TypeInt instead of TypeString (#​1959)
• resource/cloudflare_load_balancer_monitor: account_id is now required (#​2153)
• resource/cloudflare_load_balancer_monitor: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_load_balancer_pool: account_id is now required (#​2153)
• resource/cloudflare_load_balancer_pool: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_notification_policy: alert types block_notification_review_accepted and workers_uptime have been removed. (#​2215)
• resource/cloudflare_notification_policy: alert types g6_health_alert has been renamed to load_balancing_health_alert (#​2215)
• resource/cloudflare_notification_policy: alert types g6_pool_toggle_alert has been renamed to load_balancing_pool_enablement_alert (#​2215)
• resource/cloudflare_notification_policy: alert types scriptmonitor_alert_new_max_length_script_url has been renamed to scriptmonitor_alert_new_max_length_resource_url (#​2215)
• resource/cloudflare_notification_policy: alert types scriptmonitor_alert_new_scripts has been renamed to scriptmonitor_alert_new_resources (#​2215)
• resource/cloudflare_waf_group: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_override: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_package: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_rule: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_workers_kv: account_id is now required (#​2153)
• resource/cloudflare_workers_kv: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_workers_kv_namespace: account_id is now required (#​2153)
• resource/cloudflare_workers_kv_namespace: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_workers_script: account_id is now required (#​2153)
• resource/cloudflare_workers_script: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_zone: account_id is now required (#​2153)
• resource/cloudflare_zone: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)

FEATURES:

• New Resource: cloudflare_mtls_certificate (#​2182)
• New Resource: cloudflare_queue (#​2134)

ENHANCEMENTS:

• resource/cloudflare_notification_policy: alert types block_notification_block_removed, fbm_dosd_attack, scriptmonitor_alert_new_max_length_resource_url, scriptmonitor_alert_new_resources, tunnel_health_event, tunnel_update_event have been added. (#​2215)
• resource/cloudflare_ruleset: Preserve IDs of unmodified rules when updating rulesets (#​2172)
• resource/cloudflare_ruleset: add support for score_per_period and score_response_header_name (#​2177)
• resource/cloudflare_worker_script: add support for queue_binding (#​2134)

BUG FIXES:

• resource/cloudflare_account_member: allow status to be computed when not provided (#​2217)
• resource/cloudflare_page_rule: fix failing page rules acceptance tests (#​2213)
• resource/cloudflare_page_rule: make cache_key_fields optional to align with API constraints (#​2192)
• resource/cloudflare_page_rule: remove empty cookie and header fields when applying this resource (#​2208)
• resource/cloudflare_pages_project: changing name will now force recreation of the project (#​2216)

DEPENDENCIES:

• provider: bumps github.com/cloudflare/cloudflare-go from 0.59.0 to 0.60.0 (#​2204)
• provider: bumps goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#​2201)

v3.33.1

Compare Source

BUG FIXES:

• provider: remove conflicting ExactlyOneOf schema validation from framework schema (#​2185)

v3.33.0

Compare Source

BREAKING CHANGES:

• datasource/cloudflare_waf_groups: removed with no current replacement (#​2138)
• datasource/cloudflare_waf_packages: removed with no current replacement (#​2138)
• datasource/cloudflare_waf_rules: removed with no current replacement (#​2138)
• provider: account_id is no longer available as a global configuration option. Instead, use the resource specific attributes. (#​2139)
• resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on cloudflare_access_application (#​2136)
• resource/cloudflare_access_rule: require explicit zone_id or account_id and remove implicit fallback to user level rules (#​2157)
• resource/cloudflare_account_member: account_id is now required (#​2153)
• resource/cloudflare_account_member: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_argo_tunnel: resource has been renamed to cloudflare_tunnel (#​2135)
• resource/cloudflare_ip_list: removed in favour of cloudflare_list (#​2137)
• resource/cloudflare_load_balancer_monitor: account_id is now required (#​2153)
• resource/cloudflare_load_balancer_monitor: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_load_balancer_pool: account_id is now required (#​2153)
• resource/cloudflare_load_balancer_pool: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_waf_group: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_override: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_package: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_waf_rule: removed in favour of cloudflare_ruleset (#​2138)
• resource/cloudflare_workers_kv: account_id is now required (#​2153)
• resource/cloudflare_workers_kv: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_workers_kv_namespace: account_id is now required (#​2153)
• resource/cloudflare_workers_kv_namespace: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_workers_script: account_id is now required (#​2153)
• resource/cloudflare_workers_script: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)
• resource/cloudflare_zone: account_id is now required (#​2153)
• resource/cloudflare_zone: no longer sets client.AccountID internally and relies on the resource provided value (#​2154)

ENHANCEMENTS:

• provider: mux terraform-plugin-sdk/v2 and terraform-plugin-framework (#​2170)
• resource/cloudflare_access_group: supports ip_list property. (#​2073)
• resource/cloudflare_access_organization: add support for user_seat_expiration_inactive_time (#​2115)
• resource/cloudflare_ruleset: do not let edge_ttl: default be zero (#​2143)
• resource/cloudflare_teams_accounts: adds support for mailto_address and mailto_subject blockpage settings (#​2146)
• resource/cloudflare_teams_rules: adds egress rule settings. (#​2159)

BUG FIXES:

• resource/cloudflare_record: fix issue with DNS comments and tags not being set for new records (#​2148)

DEPENDENCIES:

• provider: bumps dependabot/fetch-metadata from 1.3.5 to 1.3.6 (#​2183)
• provider: bumps github.com/cloudflare/cloudflare-go from 0.58.1 to 0.59.0 (#​2166)

v3.32.0

Compare Source

FEATURES:

• New Resource: cloudflare_device_managed_networks (#​2126)

ENHANCEMENTS:

• provider: X-Auth-Email, X-Auth-Key, X-Auth-User-Service-Key and Authorization values are now automatically redacted from debug logs (#​2123)
• provider: use inbuilt cloudflare-go logger for HTTP interactions (#​2123)
• resource/cloudflare_device_posture_rule: add ability to create crowdstrike s2s posture rule creation (#​2128)
• resource/cloudflare_origin_ca: support all authentication schemes (#​2124)
• resource/cloudflare_pages_project: adds support for always_use_latest_compatibility_date, fail_open, service_binding and usage_model (#​2083)
• resource/cloudflare_record: add support for tags and comments. (#​2105)

DEPENDENCIES:

• provider: bumps github.com/cloudflare/cloudflare-go from 0.57.1 to 0.58.1 (#​2122)

v3.31.0

Compare Source

NOTES:

• resource/cloudflare_worker_script: supports explicit account_id instead of inheriting global values (#​2102)

FEATURES:

• New Resource: cloudflare_tiered_cache (#​2101)

ENHANCEMENTS:

• resource/cloudflare_access_application: makes allowed_idps type to set (#​2094)
• resource/cloudflare_custom_hostname: add support for defining custom metadata (#​2107)

BUG FIXES:

• resource/cloudflare_api_shield: allow for empty auth_id_characteristics (#​2091)
• resource/cloudflare_ruleset: allow edge_ttl -> default to be optional (#​2097)

DEPENDENCIES:

• provider: bumps actions/stale from 6 to 7 (#​2098)
• provider: bumps github.com/cloudflare/cloudflare-go from 0.56.0 to 0.57.0 (#​2102)

v3.30.0

Compare Source

FEATURES:

• New Data Source: cloudflare_load_balancer_pools (#​1228)
• New Resource: cloudflare_url_normalization_settings (#​1878)

ENHANCEMENTS:

• resource/cloudflare_workers_script: add support for analytics_engine_binding bindings (#​2051)

BUG FIXES:

• resource/access_application: fix issue where session_duration always showed a diff for bookmark apps (#​2076)
• resource/cloudflare_ruleset: fix issue where SSL setting is based of security level (#​2088)
• resource/cloudflare_split_tunnel: handle nested attribute changes and ignore ordering (#​2066)

DEPENDENCIES:

• provider: bumps github.com/cloudflare/cloudflare-go from 0.55.0 to 0.56.0 (#​2075)
• provider: bumps goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#​2087)

v3.29.0

Compare Source

NOTES:

• datasource/api_token_permission_groups: permissions attribute has been deprecated in favour of individual resource level attributes. (#​1960)

FEATURES:

• New Resource: cloudflare_device_settings_policy (#​1926)
• New Resource: cloudflare_tunnel_config (#​2041)

ENHANCEMENTS:

• resource/cloudflare_fallback_domain: Add creating fallback domains for device policies (#​1926)
• resource/cloudflare_logpush_job: add support for workers_trace_events (#​2025)
• resource/cloudflare_origin_ca_certificate: add logic to renew certificate and add a new flag to set if we should renew earlier (#​2048)
• resource/cloudflare_origin_ca_certificate: trigger a replacement when csr is changed (#​2055)
• resource/cloudflare_origin_ca_certificate: trigger a replacement when validity is changed (#​2046)
• resource/cloudflare_pages_domain: add note about needing to make a separate cloudflare_record. (#​2060)
• resource/cloudflare_pages_project: add note about linking git acco

---

Configuration

📅 Schedule: Branch creation - "on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ COPYPASTE	jscpd	yes		no	1.68s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	secretlint	yes		no	1.76s
✅ TERRAFORM	terraform-fmt	1		0	0.05s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by