FEATURES:
- New Resource:
cloudflare_tunnel_route
(#1572)
ENHANCEMENTS:
- resource/cloudflare_certificate_pack: add support for new option (
wait_for_active_status
) to block creation until certificate pack is active (#1567) - resource/cloudflare_notification_policy: Add
slo
to notification policy filters (#1573) - resource/cloudflare_teams_list: Add support for IP type (#1550)
BUG FIXES:
- cloudflare_tunnel_routes: Fix reads matching routers with larger CIDRs (#1581)
- resource/cloudflare_logpush_job: make ownership challenge check for https not required (#1588)
- resource/cloudflare_tunnel_route: Fix importing resource (#1580)
- resource/cloudflare_zone: update plan identifier for professional rate plans (#1583)
NOTES:
- resource/cloudflare_byo_ip_prefix: now requires an explicit
account_id
parameter instead of implicitly relying onclient.AccountID
(#1563) - resource/cloudflare_ip_list: no longer sets
client.AccountID
internally for resources (#1563) - resource/cloudflare_magic_firewall_ruleset: no longer sets
client.AccountID
internally for resources (#1563) - resource/cloudflare_static_route: no longer sets
client.AccountID
internally for resources (#1563) - resource/cloudflare_worker_cron_trigger: now requires an explicit
account_id
parameter instead of implicitly relying onclient.AccountID
(#1563)
ENHANCEMENTS:
- resource/cloudflare_custom_pages: add support for managed_challenge action (#1478)
- resource/cloudflare_ruleset: add support for rule
logging
(#1538)
ENHANCEMENTS:
- resource/cloudflare_ruleset: Setting description to
Optional
to better reflect API requirements (#1556)
BUG FIXES:
- resource/cloudflare_zone: don't get stuck in endless loop for partner zone rate plans (#1547)
NOTES:
- resource/cloudflare_healthcheck:
notification_suspended
andnotification_email_addresses
attributes are being deprecated in favour ofcloudflare_notification_policy
resource instead. (#1529)
FEATURES:
- New Resource:
cloudflare_access_bookmark
(#1539)
ENHANCEMENTS:
- resource/cloudflare_access_application: Add service_auth_401_redirect field. (#1540)
BUG FIXES:
- resource/cloudflare_api_token: ignore ordering changes in
permission_groups
(#1545) - resource/cloudflare_notification_policy: Fix unexpected crashes when using cloudflare_notification_policy with a filters attribute (#1542)
- resource/cloudflare_zone_dnssec: don't try to enable DNSSEC when state is "pending" (#1530)
NOTES:
- resource/cloudflare_origin_ca_certificate:
requested_validity
no longer decrements until theexpires_on
value but is now the amount of days the certificate was requested for. (#1502)
FEATURES:
- New Resource:
cloudflare_teams_proxy_endpoint
(#1517) - New Resource:
cloudflare_waiting_room_event
(#1509)
ENHANCEMENTS:
- resource/cloudflare_page_rule: add support for
actions.disable_zaraz
(#1523) - resource/cloudflare_ruleset: add support for
action_parameters.response
to control the response when triggering a WAF rule (#1507) - resource/cloudflare_ruleset: add support for
ratelimit.requests_to_origin
(#1507)
BUG FIXES:
- resource/cloudflare_device_posture_integration: remove superfluous
id
from schema (#1504) - resource/cloudflare_spectrum_application: Fix 'edge_ip_connectivity' state persistence (#1515)
BUG FIXES:
- resource/cloudflare_ruleset: don't attempt to upgrade ratelimit if it isn't set (#1501)
BREAKING CHANGES:
- resource/cloudflare_ruleset: rename
mitigation_expression
tocounting_expression
(#1477)
ENHANCEMENTS:
- resource/cloudflare_access_rule: add support for managed_challenge action (#1457)
- resource/cloudflare_custom_hostname: adds support for custom_origin_sni (#1482)
- resource/cloudflare_device_policy_certificates: add support for device policy certificate settings (#1467)
- resource/cloudflare_teams_rules: Add
insecure_disable_dnssec_validation
option to settings (#1469) - resource/cloudflare_zone: add support for partner rate plans (#1464)
BUG FIXES:
- resource/cloudflare_record: no need to pass the resourceCloudflareRecordUpdate to the NonRetryable handler (#1496)
NOTES:
- resource/cloudflare_api_token: revert swap from TypeList to TypeSet due to broken migration (#1455)
FEATURES:
- New Data Source:
cloudflare_devices
(#1453)
FEATURES:
ENHANCEMENTS:
- cloudflare_ruleset: add support for "managed_challenge" action (#1442)
- resource/certificate_pack: adds
validation_errors
andvalidation_records
with same format as custom hostnames. (#1424) - resource/custom_hostname: also adds missing
validation_errors
, andcertificate_authority
(#1424) - resource/custom_hostname: validation tokens are now an array (
validation_records
) instead of a top level, but the only top level record that was previously here was for cname validation, txt/http/email were entirely missing. (#1424)
BUG FIXES:
- cloudflare_argo_tunnel: conditionally fetch settings based on the provided configuration (#1451)
- resource/cloudflare_api_token: ignore ordering of
permission_group
IDs (#1425)
FEATURES:
- New Resource:
cloudflare_ipsec_tunnel
(#1404)
ENHANCEMENTS:
- datasource/cloudflare_zones: allow filtering by account_id (#1401)
- resource/cloudflare_cloudflare_teams_rules: Add
check_session
andadd_headers
attributes to settings (#1402) - resource/cloudflare_cloudflare_teams_rules: Add
disable_download
,disable_keyboard
, anddisable_upload
attributes toBISOAdminControls
(#1402) - resource/cloudflare_logpush_job: add support for managing
dns_logs
(#1400) - resource/cloudflare_ruleset: add skip support for
products
andphases
(#1391) - resource/cloudflare_ruleset: smoother handling of UI/API collisions during migrations (#1393)
- resource/cloudflare_teams_accounts: Add the
fips
field for configuring FIPS-compliant TLS. (#1380)
BUG FIXES:
- resource/cloudflare_fallback_domain: default entries are now restored on delete. (#1399)
- resource/cloudflare_ruleset: conditionally set action parameter "version" (#1388)
- resource/cloudflare_ruleset: fix handling of
false
values for category/rule overrides (#1405)
FEATURES:
- New Resource:
cloudflare_device_posture_integration
(#1340) - New Resource:
cloudflare_fallback_domain
(#1356)
ENHANCEMENTS:
- resource/cloudflare_firewall_rule: add support for managed_challenge action (#1378)
- resource/cloudflare_load_balancer_monitor: added support for smtp, icmp_ping, and udp_icmp monitors (#1371)
- resource/cloudflare_logpush_job: add support for account-level logpush jobs (#1311)
- resource/cloudflare_logpush_ownership_challenge: add support for account-level logpush ownership challenges (#1311)
BUG FIXES:
- resource/cloudflare_api_token: modified_on is now read correctly (#1368)
DEPENDENCIES:
github.com/cloudflare/cloudflare-go
v0.29.0 => v0.30.0 (#1379)
ENHANCEMENTS:
- resource/cloudflare_access_application: add bookmark type to apptypes (#1343)
- resource/cloudflare_teams_rules: GATE-2273: Adds support for device posture gateway rules (#1353)
BUG FIXES:
- resource/cloudflare_load_balancer: handle empty
rules
forresourceCloudflareLoadBalancerStateUpgradeV1
(#1257) - resource/cloudflare_split_tunnel: import will now use correct import function (#1345)
NOTES:
- provider: split schema definition from resource CRUD operations (#1321)
FEATURES:
- New Data Source:
cloudflare_access_identity_provider
(#1300)
ENHANCEMENTS:
- resource/cloudflare_access_application: add support for
app_launcher_visible
to the schema (#1303) - resource/cloudflare_ruleset: add support for rewriting HTTP response headers (#1339)
- resource/cloudflare_zone: support changing
type
values (#1301)
BUG FIXES:
- resource/cloudflare_access_group: fix mapping error for AzureAD (#1341)
- resource/cloudflare_access_rule: allow "ip6" to be a padded or unpadded value and compare correctly (#1294)
- resource/cloudflare_argo: call
Read
forImport
operations (#1295) - resource/cloudflare_argo_tunnel: fix import mechanism (#1329)
- resource/cloudflare_argo_tunnel: update CNAME to use
cfargotunnel.com
(#1293) - resource/cloudflare_origin_ca_certificate: reintroduce
DiffSuppressFunc
forrequested_validity
changes to handle all schema/SDK combinations (#1289) - resource/cloudflare_split_tunnel: import now works by specifying accountId/mode (#1313)
- resource/cloudflare_teams_list: ignore
items
ordering (#1338)
ENHANCEMENTS:
- provider: add the ability to configure a different hostname and base path for the API client (#1270)
- resource/cloudflare_access_application: add support for 'skip_interstitial' and 'logo_url' properties (#1262)
- resource/cloudflare_custom_hostname: add
settings.early_hints
to ssl schema (#1286) - resource/cloudflare_ruleset: add support for exposed credential checks (#1263)
- resource/cloudflare_zone_setting_override: add support for overriding
early_hints
(#1285)
BUG FIXES:
- resource/cloudflare_ruleset: allow action parameter override
enabled
to be true/false or uninitialised (#1275) - resource/cloudflare_ruleset: allow setting
uri
andpath
action parmeters together in a single rule (#1271)
FEATURES:
- New Data Source:
cloudflare_account_roles
(#1238)
ENHANCEMENTS:
- resource/cloudflare_access_application: add support for 'SameSite' and 'HttpOnly' cookie attributes (#1241)
- resource/cloudflare_argo_tunnel: add
cname
as exported attribute (#1259) - resource/cloudflare_load_balancer_pool: add support for origin steering (#1240)
- resource/cloudflare_ruleset: add support for 'Action' and 'Enabled' action_parameters > overrides attributes (#1249)
- resource/cloudflare_zone_setting_override: add support for overriding
binary_ast
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
filter_logs_to_cloudflare
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
log_to_cloudflare
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
orange_to_orange
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
proxy_read_timeout
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
visitor_ip
(#1261)
BUG FIXES:
- resource/cloudflare_access_policy: handle empty
nil
values for building policies (#1237) - resource/cloudflare_ruleset: don't attempt to update "custom" rulesets using the phase entrypoint (#1245)
NOTES:
- provider: cloudflare-go has been upgraded to v0.25.0 (#1236)
FEATURES:
ENHANCEMENTS:
- provider: add support for debugging via debuggers (like delve) (#1217)
- resource/cloudflare_access_policy: add support for approval_required flag (#1230)
BUG FIXES:
- resource/cloudflare_account_member: handle role changes made in the dashboard (#1202)
- resource/cloudflare_origin_ca_certificate: ignore
requested_validity
changes due to the value decreasing but still store it (#1214) - resource/cloudflare_record: handle
Update
s for records withdata
blocks (#1229)
ENHANCEMENTS:
- resource/cloudflare_ruleset: add support for ddos_l7 configuration (#1212)
ENHANCEMENTS:
- resource/cloudflare_access_rule: add state migrator for 3.x (#1211)
- resource/cloudflare_custom_ssl: add state migrator for 3.x (#1211)
- resource/cloudflare_load_balancer: add state migrator for 3.x (#1211)
- resource/cloudflare_record: add state migrator for 3.x (#1211)
BREAKING CHANGES:
- resource/cloudflare_access_rule:
configuration
is now aTypeList
instead of aTypeMap
(#1188) - resource/cloudflare_custom_ssl:
custom_ssl_options
is now aTypeList
instead ofTypeMap
(#1188) - resource/cloudflare_load_balancer:
fixed_response
is now aTypeList
instead of aTypeMap
(#1188) - resource/cloudflare_load_balancer: fixed_response.status_code
is now a
TypeIntinstead of a
TypeString` (#1188) - resource/cloudflare_record:
data
is now aTypeList
instead of aTypeMap
(#1188)
NOTES:
- provider: Golang version has been upgraded to 1.17 (#1188)
- provider: HTTP user agent is now "terraform/:version terraform-plugin-sdk/:version terraform-provider-cloudflare/:version" (#1188)
- provider: Minimum Terraform core version is now 0.14 (#1188)
- provider: terraform-plugin-sdk has been upgraded to 2.x (#1188)
ENHANCEMENTS:
- resource/cloudflare_custom_hostname:
settings.ciphers
is now aTypeSet
internally to handle suppress ordering changes. Schema representation remains the same (#1188) - resource/cloudflare_custom_hostname:
settings
is nowOptional
/Computed
to reflect the stricter schema validation introduced in terraform-plugin-sdk v2 (#1188) - resource/cloudflare_custom_hostname:
status
is nowComputed
as the value isn't managed by an end user (#1188)
NOTES:
- provider: Update to cloudflare-go v0.22.0 (#1184)
FEATURES:
- New Resource:
cloudflare_access_keys_configuration
(#1186) - New Resource:
cloudflare_teams_account
(#1173) - New Resource:
cloudflare_teams_rule
(#1173)
ENHANCEMENTS:
- resource/cloudflare_access_policy: add support for purpose justification and approvals (#1199)
- resource/cloudflare_ruleset: add support for HTTP rate limiting (#1179)
- resource/cloudflare_ruleset: add support for Transform Rules (#1169)
- resource/cloudflare_ruleset: add support for WAF payload logging (#1174)
- resource/cloudflare_ruleset: add support for more complex skip ruleset configurations (#1201)
BUG FIXES:
- resource/cloudflare_ruleset: fix state handling for terraform-plugin-sdk v2 (#1183)
- resource/cloudflare_zone_settings_override: remap
zero_rtt
=>0rtt
for resource delete (#1175)
Fixes
resource/cloudflare_ruleset
: Send a single payload for rules instead of many individual payloads to prevent overwriting previous rules (#1171)
- New resource:
cloudflare_notification_policy
(#1138) - New resource:
cloudflare_notification_policy_webhooks
(#1151) - New resource:
cloudflare_ruleset
(#1143) - New resource:
cloudflare_teams_location
(#1154) - New datasource:
cloudflare_origin_ca_root_certificate
(#1158)
Improvements
resource/cloudflare_waiting_room
: Add support forjson_response_enabled
as an argument (#1122)
Improvements
resource/cloudflare_access_device_posture_rule
: Add support fordomain_joined
,firewall
,os_version
, anddisk_encryption
(#1137)- provider: bump
cloudflare-go
to v0.20.0 (#1146)
Improvements
resource/cloudflare_logpush_job
: Add support for"nel_reports"
as a dataset (#1122)resource/cloudflare_custom_hostname
: Allow SSL options to be optional when not required (#1131)resource/cloudflare_access_identity_provider
: Support optional Okta API token (#1119)resource/cloudflare_load_balancer_pool
: Add support for load shedding (#1108)resource/cloudflare_load_balancer_pool
: Add support for longitude and latitude (#1093)
Fixes
resource/cloudflare_record
: Use correctImport
method on resource (#1116)resource/cloudflare_worker_cron_trigger
: Account for deletion of scripts and force a refresh of triggers (#1121)resource/cloudflare_rate_limit
: Handleorigin_traffic
missing from API response (#1125)resource/cloudflare_record
: Supportallow_overwrite
for root records (#1129)
- New resource:
cloudflare_waiting_room
(#1053)
Improvements
datasource/cloudflare_waf_rules
: Exportdefault_mode
as an attribute (#1079)
Fixes
resource/cloudflare_access_application
: Revert removal of schema changes causing existing applications unable to re-apply (#1118)
- New resource:
cloudflare_static_route
(#1098)
Improvements
resource/cloudflare_origin_ca
: Ignore decreasingrequested_validity
(#1043)resource/waf_override
: Allowrules
to be optional (#1090)resource/cloudflare_zone
: Don't attempt to set free zone rate plans as that is already the default (#1102)resource/cloudflare_access_application
: Ability to settype
for Applications (#1076)resource/cloudflare_zone_lockdown
: Update documentation to show examples of multiple configurations (#1106)
Improvements
- provider: Update to terraform-plugin-sdk v1.17.1 (#1035, #1043)
resource/cloudflare_logpush_job
: Allowownership_challenge
to be optional to account for Datadog, Splunk or S3-Compatible endpoints (#1048)resource/cloudflare_access_group
: Add support forlogin_method
(#1066)resource/cloudflare_load_balancer
: Add support forpromixity
based steering (#1072)resource/cloudflare_access_application
: Prevent bad CORS configuration when credentials and all origins are permitted (#1073)resource/cloudflare_access_service_tokens
: Allow configuration to manage automatic renewal when the threshold is crossed and Terraform operations are performed within the window (#1057)resource/cloudflare_load_balancer_pool
: Allow support forHost
header settings (#1042)
Fixes
resource/cloudflare_access_policy
: Allow empty slices in blocks when building policies (#1034)resource/cloudflare_load_balancer
: Fixoverride
attributespop_pools
andregion_pools
referencing incorrect values causing a panic (#1039)
New resource: cloudflare_access_ca_certificate
(#995)
Improvements
resource/cloudflare_access_application
: Improve documentation forImport
usage (#1002)resource/cloudflare_logpush_job
: Update documentation to reflect requirements fordestination_conf
to match across all uses (#1024)resource/cloudflare_custom_hostname_fallback
: Better handle service lag when updating existing resources by attempting retries (#1014)resource/cloudflare_waf_group
: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_waf_rule
: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_waf_package
: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_access_group
: Add support forlogin_method
(#1018)- provider: Update to cloudflare-go v0.16.0 (#1018)
- provider: Update to terraform-plugin-sdk v1.16.1 (#1003)
resource/cloudflare_load_balancer
: Add support forrules
(#1016)
Fixes
resource/cloudflare_record
: Address regression from 2.19.1 by checking the API response instead of the schema output forPriority
(#992)
Fixes
resource/cloudflare_record
: UpdatePriority
handling for MX parked records (#986)
Fixes
resource/cloudflare_access_group
: Fix crash when constructing a GSuite group (#940)resource/cloudflare_access_policy
: Makeprecedence
required (#941)resource/cloudflare_access_group
: Fix crash when constructing a SAML group (#948)resource/cloudflare_zone
: UpdateRetry
logic to look at an available field for passing conditions (#973)resource/cloudflare_page_rule
: Allow ignoring/including all query string parameters forcache_key_fields
(#975)
Improvements
resource/cloudflare_access_policy
: Enable zone and account level resources to be imported (#956)resource/cloudflare_origin_ca_certificate
: Smoother import process with less recreation (#955)- provider: Update internals to match
cloudflare-go
0.14 for better error handling and context aware methods (#976)
Fixes
datasource/cloudflare_zones
: Pagination is now correctly handled internally and will return more than the single page of results (cloudflare/cloudflare-go#534).resource/cloudflare_access_policy
: Correctly handle transforming API responses to schema (#917)resource/cloudflare_access_group
: Correctly handle transforming API responses to schema (#918)resource/cloudflare_ip_list
: Ensure account ID is persisted duringImport
(#916)
Improvements
resource/cloudflare_access_application
: Allow anysession_duration
that istime.ParseDuration
compatible (#910)resource/cloudflare_rate_limit
: Add the ability to configurematch.response.headers
in rate limits (#911)resource/cloudflare_access_rule
: Validate IP masks within schema (#921)
- New Resource:
cloudflare_magic_firewall_ruleset
(#884)
Fixes
resource/cloudfare_api_token
: Omittingconditions
will no longer send empty arrays causing IP restriction issues and unusable tokens (#902)
Improvements
resource/cloudflare_access_application
: Add support forcustom_deny_message
andcustom_deny_url
values (#895)resource/cloudflare_load_balancer_monitor
: Add support forprobe_zone
for monitors (#903)
Improvements
resource/cloudflare_load_balancer
: Add support forsession_affinity_ttl
(#882)resource/cloudflare_load_balancer
: Add support forsession_affinity_attributes
(#883)
Fixes
resource/cloudflare_page_rule
: Fixed crash during update when using custom cache key (#894)
- New Resource:
cloudflare_api_token
(#862) - New Datasource:
cloudflare_api_token_permission_groups
(#862) - New Resource:
cloudflare_zone_dnssec
(#852) - New Datasource:
cloudflare_zone_dnssec
(#852)
Improvements
resource/cloudflare_record
: Add explicit fields for CAA records instead of relying on the map value (#866)resource/cloudflare_account_member
: Swap schemarole_ids
toTypeSet
to better handle internal ordering changes (#876)
Fixes
datasource/cloudflare_waf_groups
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_waf_packages
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_waf_rules
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_zones
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)
Fixes
resource/cloudflare_filter
: Remove schema based validation for filters (#863)
Improvements
resource/cloudflare_filter
: Pass missing credential error through to end user (#860)
Improvements
datasource/cloudflare_ip_ranges
: Add the ability to querychina_ipv4_cidr_blocks
andchina_ipv6_cidr_blocks
(#833)resource/cloudflare_filter
: Improve validation of expressions using the schema (#848)
Fixes
resource/cloudflare_page_rule
: Set default forcache_key_fields.host.resolved
to prevent panics (#832)resource/cloudflare_authenticated_origin_pulls
: Fix off-by-one error check inImport
(#832)resource/cloudflare_authenticated_origin_pulls_certificate
: Fix off-by-one error check inImport
(#832)
Improvements
resource/cloudflare_certificate_pack
: Swap internal representation ofhosts
to remove inconsistent ordering issues (#800)resource/cloudflare_logpush_job
: Handle deletion outside of Terraform (#798)resource/cloudflare_access_group
: Add support forgeo
conditionals (#803)resource/cloudflare_access_application
: Add support forenable_binding_cookie
(#802)resource/cloudflare_waf_rule
: Improve documentation formode
(#824)datasource/cloudflare_waf_rule
: Improve documentation formode
(#824)resource/cloudflare_access_application
: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_group
: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_identity_provider
: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_policy
: Add support for zone-level routes to Access resources (#819)
Fixes
resource/cloudflare_custom_hostname_fallback_origin
: Don't retry the "active" status of custom hostnames fallbacks (#818)resource/cloudflare_zone
: RemoveDiffSuppressFunc
causingjump_start
issues (#830)
- New Resource:
cloudflare_certificate_pack
(#778)
Improvements
resource/cloudflare_access_group
: Add support forauth_method
(#762)resource/cloudflare_access_group
: De-duplicate blocks in groups by accepting lists instead (#739)resource/cloudflare_worker_script
: Adds support forwebassembly_binding
(#780)resource/cloudflare_healthcheck
: Retry hostname resolution errors when encountering "no such host" responses (#789)resource/cloudflare_access_application
: Better validation for allowed methods and origin combinations to prevent getting state into an unrecoverable state (#793)
Fixes
resource/cloudflare_healthcheck
: Handle resource deletion outside of Terraform (#787)resource/cloudflare_custom_hostname
: EnsureImport
sets hostname to prevent recreation (#788)resource/cloudflare_ip_list
: Handle resource deletion outside of Terraform (#794)resource/cloudflare_ip_list
: Removeitem
.id
from schema (#796)
Fixes
resource/cloudflare_access_application
: Handle thezone_id
=>account_id
move internally (#724)
- New Resource:
cloudflare_custom_hostname_origin_fallback
(#757) - New Resource:
cloudflare_authenticated_origin_pulls
(#749) - New Resource:
cloudflare_authenticated_origin_pulls_certificate
(#749) - New Resource:
cloudflare_ip_list
(#766)
Improvements
resource/cloudflare_spectrum_application
: Add support for port ranges (#745)resource/cloudflare_custom_hostname
: Force creation of a new resource if thezone_id
value changes (#761)resource/cloudflare_record
: Retry record creation/update if the response includes an "already exists" exception for handling race conditions (#773)
Fixes
resource/cloudflare_firewall_rule
: Compare descriptions after converting unicode + HTML entities to prevent unnecessary diffs (#758)resource/cloudflare_filter
: Compare descriptions after converting unicode + HTML entities to prevent unnecessary diffs (#758)
- New Resource:
cloudflare_custom_hostname
(SSL for SaaS) (#746)
Improvements
resource/access_application
: Add support forallowed_idps
and restricting which Identity Providers are associated with an Application (#734)resource/access_application
: Add support forauto_redirect_to_identity
(#730)resource/access_application
: Add CORS support (#725)resource/cloudflare_custom_ssl
: Allowgeo_restrictions
to benil
and not included in the request payload (#714)datasource/cloudflare_zones
: Filtering is now performed on the server side and thename
parameter is no longer a regex. Instead,name
is a string to match on andmatch
is a regex. See the website documentation for more examples and updated references (#708) in order to make your code compatible with this release.
- New Resource:
cloudflare_waf_override
(#691)
Improvements
resource/cloudflare_argo
: Allowtiered_caching
andsmart_routing
to be toggled individually allowing for entitlement differences (#703)resource/cloudflare_page_rule
: Add support forcache_ttl_by_status
(#706)resource/cloudflare_worker_script
: Add support forplain_text
andsecret_text
bindings (#710)
Fixes
resource/cloudflare_record
: UpdateTestAccCloudflareRecord_LOC
test asserted value to use less precise floats and match the API responses (#712)resource/cloudflare_record
: UpdateTestAccCloudflareRecord_Basic
testmetadata
attributes to match updated API payload (#713)
- New Resource:
cloudflare_byo_ip_prefix
(#671) - New Resource:
cloudflare_logpull_retention
(#678) - New Resource:
cloudflare_healthcheck
(#680)
Improvements:
resource/cloudflare_worker_route
: Improve documentation to mention usingaccount_id
for the underlying APIs (#669)resource/cloudflare_worker_script
: Improve documentation to mention usingaccount_id
for the underlying APIs (#670)resource/cloudflare_load_balancer_pool
: Improve documentation to mentionnotification_email
accepts a comma delimited list of emails (#687)resource/cloudflare_page_rule
: Add support forcache_key_fields
Page Rule action (#662)
Fixes:
resource/cloudflare_zone_settings_override
: Fix regression where if you didn't have universal SSL settings defined, it would error when setting them (#663)resource/cloudflare_zone
: Handle changing zone rate plan from "free" to "enterprise" (#668)resource/cloudflare_record
: Update validation to allow PTR records (9a8fd43)
Improvements:
resource/cloudflare_zone_settings_override
: Adduniversal_ssl
to control enablement of Universal SSL on a zone (#658)- provider: API keys and API tokens are now validated to help differentiate incorrect usage before making API calls (#661)
resource/cloudflare_logpush_job
: Add support for "firewall_events" dataset parameter (#660)resource/cloudflare_logpush_job
: Add support for "dataset" parameter (#649)resource/cloudflare_zone_settings_override
: Removeedge_cache_ttl
(#654)resource/cloudflare_access_group
: Allow Access conditions forinclude
/require
/exclude
to be used consistently between Access Groups and Access Policies (#646)
Fixes:
resource/cloudflare_logpush_job
: fix forstrconv.Atoi: parsing ""
error while creating Logpush job
Improvements:
resource/cloudflare_zone_settings_override
: Updateimage_resizing
options to include"open"
(#639)
Fixes:
resource/cloudflare_access_group
: Fixed misspelt Okta in JSON payload (cloudflare/cloudflare-go#440)
Improvements:
resource/cloudflare_access_policy
: Add support forservice_token
andany_valid_service_token
(#612)resource/cloudflare_waf_group
: Handle WAF group deletions in the API responses (#623)resource/cloudflare_waf_package
: Handle WAF package deletions in the API responses (#623)resource/cloudflare_waf_rule
: Handle WAF rule deletions in the API responses (#623)resource/cloudflare_access_policy
: Add support forgroup
(#626)resource/cloudflare_firewall_rule
: Add support for bypassing specificproducts
(#630)resource/cloudflare_spectrum_application
: Add support foredge_ips
,argo_smart_routing
andedge_ip_connectivity
(#631)resource/cloudflare_access_group
: Add support for using external providers (gsuite
,github
,azure
,okta
,saml
,mTLS certificate
,common name
) (#633)
Improvements:
resource/cloudflare_logpush_job
: SupportImport
on the resource (#618)
Fixes:
resource/cloudflare_record
: Missing CAA in DNS validation (#619)
Improvements:
resource/cloudflare_record
: Stricter validation for record types (#610)resource/logpush_job
: Add more verbose error handling (#564)resource/zone_settings_override
: Update documentation forcache_level
values (#606)resource/access_application
: Add documentation for available attributes (#587)resource/cloudflare_firewall_rule
: Add support for bypassing security configuration rules by URL (#568)resource/cloudflare_record_migrate
: Usezone_id
for state migration before attempting to usedomain
(#566)resource/cloudflare_load_balancer
: Updatesession_affinity
validation to allow"ip_cookie"
(#573)datasource/ip_ranges
: Update documentation to show 0.12 syntax (#617)
Fixes
resource/zone_settings_override
: Handle individual zone settings withinDelete
operations (#599)
- New Resource:
cloudflare_origin_ca_certificate
(#547)
Fixes:
resource/cloudflare_zone_settings_override
: Renamed0rtt
tozero_rtt
to conform to HCL grammar requirements (#557)
Improvements:
resource/cloudflare_access_rule
: Addip6
as valid option (#560)resource/cloudflare_spectrum_application
: Swapproxy_protocol
to string field with supporting enum values instead (#561)resource/cloudflare_waf_rule
: Addpackage_id
as valid option and exportgroup_id
(#552)
Improvements:
resource/cloudflare_zone_settings_override
: Addnon_identity
to alloweddecision
schema (#541)resource/cloudflare_zone_settings_override
: Add support for0rtt
andhttp3
settings (#542)resource/cloudflare_load_balancer_monitor
: Allow empty string forexpected_body
(#539)resource/cloudflare_worker_script
: Add support for Worker KV Namespace Bindings (#544)data_source/waf_rules
,resource/cloudflare_waf_rule
, Support allowed modes for WAF Rules (#550)
Fixes:
resource/cloudflare_spectrum_application
: Spectrum origin_port is optional (#549)
- New datasource:
cloudflare_waf_rules
(#525)
Improvements:
resource/cloudflare_zone
: Exposeverification_key
for partial setups (#532)resource/cloudflare_worker_route
: Enable API Tokens support from upstream cloudflare-go release
- New Resource:
cloudflare_access_service_tokens
(#521) - New Resource:
cloudflare_waf_package
(#475) - New Resource:
cloudflare_waf_group
(#476) - New datasource:
cloudflare_waf_groups
(#508) - New datasource:
cloudflare_waf_packages
(#509)
Fixes:
resource/cloudflare_page_rule
: Seth2_prioritization
individually not via bulk endpoint (#493)resource/cloudflare_zone_settings_override
: Setzone_id
to prevent unnecessary re-creation of resources (#502)
Improvements:
resource/cloudflare_spectrum_application
: Add support for settingtraffic_type
(#481)resource/cloudflare_zone_settings_override
: Update documentation with default values (#498)
Internals:
- Migrated to Terraform plugin SDK (#489)
Breaking changes:
provider/cloudflare
:- renamed
token
toapi_key
- renamed
org_id
toaccount_id
- removed
use_org_from_zone
, you need to explicitly specifyaccount_id
- Environment variables:
- renamed
CLOUDFLARE_TOKEN
toCLOUDFLARE_API_TOKEN
- renamed
CLOUDFLARE_ORG_ID
toCLOUDFLARE_ACCOUNT_ID
- removed
CLOUDFLARE_ORG_ZONE
, you need to explicitly specifyCLOUDFLARE_ACCOUNT_ID
- Changed the following resources to require Zone ID:
cloudflare_access_rule
cloudflare_filter
cloudflare_firewall_rule
cloudflare_load_balancer
cloudflare_page_rule
cloudflare_rate_limit
cloudflare_record
cloudflare_waf_rule
cloudflare_worker_route"
cloudflare_zone_lockdown
cloudflare_zone_settings_override
- Workers single-script support removed
Please see Version 2 Upgrade Guide for details.
Improvements:
cloudflare/resource_cloudflare_argo
: Handle errors when fetching tiered caching + smart routing settings (#477)- Various documentation updates for 0.12 syntax
Fixes:
resource/cloudflare_load_balancer
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_page_rule
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_rate_limit
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_waf_rule
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_worker_route
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_worker_script
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_zone_lockdown
: Markzone
as Computed to allow deprecations (#462)
Fixes:
resource/cloudflare_page_rule
: Fix a logic condition where settingedge_cache_ttl
action but then not updating it in subsequentapply
runs causes it to be blown away (#453)
Improvements:
- provider: You can now use API tokens to authenticate instead of user email and key (#450)
resource/cloudflare_zone_lockdown
:priority
can now be set on the resource (#445)resource/cloudflare_custom_ssl
: Updated website documentation navigation to include link for resource (#442))
Deprecations:
resource/cloudflare_access_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_filter
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_firewall_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_load_balancer
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_page_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_rate_limit
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_waf_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_worker_route
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_worker_script
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_zone_lockdown
:zone
has been superseded by usingzone_id
(#452)
Fixes:
- Partially revert [#421] deprecation messages
Removals:
resource/cloudflare_zone_settings_override
:sha1_support
has been removed due to Cloudflare no longer supporting SHA1 certificates or the API endpoint (#415)
Deprecations:
resource/cloudflare_zone_settings_override
:tls_1_2_only
has been superseded by usingmin_tls_version
instead (#405)resource/cloudflare_access_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_filter
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_firewall_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_load_balancer
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_page_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_rate_limit
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_waf_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_worker_route
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_worker_script
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_zone_lockdown
:zone
has been superseded by usingzone_id
(#421)
Improvements:
- New Resource:
cloudflare_custom_ssl
(#418) resource/cloudflare_filter
: Strip all surrounding whitespace from filter expressions to match API responses (#361)resource/cloudflare_zone
: Support unicode zone name values (#412)resource/cloudflare_page_rule
: Allow settingorigin_pull
for SSL (#430)resource/cloudflare_load_balancer_monitor
: Add TCP support for load balancer monitor (#428)
Fixes:
resource/cloudflare_logpush_job
: Update documentation (#395)resource/cloudflare_zone_lockdown
: Fix: examples in documentation (#407)resource/cloudflare_page_rule
: Set nil on changed string-based Page Rule actions
Fixes:
resource/cloudflare_page_rule
: Fix regression inbrowser_cache_ttl
where the value was sent as a string instead of an integer to the remote (#390)
Improvements:
resource/cloudflare_zone_settings_override
: Add support forh2_prioritization
andimage_resizing
(#381)resource/cloudflare_load_balancer_pool
: Update IP range for tests to not use reserved ranges (#369)
Fixes:
resource/cloudflare_page_rule
: Fix issues withbrowser_cache_ttl
defaults and when value is0
(for Enterprise users) (#379)
- The provider is now compatible with Terraform v0.12, while retaining compatibility with prior versions. (#309)
Improvements:
- New Resource:
cloudflare_argo
Manage Argo features (#304) cloudflare_zone
: Support management of partial zones (#303)cloudflare_rate_limit
: Updatemodes
documentation (#293)cloudflare_load_balancer
: Allow steering policy of "random" (#329)
Fixes:
cloudflare_page_rule
- Allow settingbrowser_cache_ttl
to 0 (#293)cloudflare_page_rule
- Swap to completely replacing rules (#338)
Improvements
- New Resource:
cloudflare_logpush_job
(#287) cloudflare_zone_settings
- Remove option to togglealways_on_ddos
(#253)cloudflare_page_rule
- Update documentation to clarify "0" usagecloudflare_zones
- Return zone ID and zone name (#275)cloudflare_load_balancer
- Addenabled
field (#208)cloudflare_record
- validators: Allow PTR DNS records (#283)
Fixes:
cloudflare_custom_pages
- Use correct casing forzone_id
lookupscloudflare_rate_limit
- Makecorrelate
optional and not flap in state management (#271)cloudflare_spectrum_application
- Fixed integration tests to work (#275)cloudflare_page_rule
- Better track field changes inactions
resource. (#107)
Improvements:
- provider: Enable request/response logging (#212)
- resource/cloudflare_load_balancer_monitor: Add validation for
port
(#213) - resource/cloudflare_load_balancer_monitor: Add
allow_insecure
andfollow_redirects
(#205) - resource/cloudflare_page_rule: Updated available actions documentation to match what is available (#228)
- provider: Swap to using go modules for dependency management (#230)
- provider: Minimum Go version for development is now 1.11 (#230)
Fixes:
- resource/cloudflare_record: Read
data
back from API correctly (#217) - resource/cloudflare_rate_limit: Read
correlate
back from API correctly (#204) - resource/cloudflare_load_balancer_monitor: Fix incorrect type cast for
port
(#213) - resource/cloudflare_load_balancer: Make
steering_policy
computed to avoid spurious diffs (#214) - resource/cloudflare_load_balancer: Read
session_affinity
back from API to make import work & detects drifts (#214)
Improvements:
- New Resource:
cloudflare_spectrum_app
(#156) - New Data Source:
cloudflare_zones
(#168) cloudflare_load_balancer_monitor
- Add optionalport
parameter (#179)cloudflare_page_rule
- Improved documentation forpriority
attribute (#182], missingexplicit_cache_control
[#185)cloudflare_rate_limit
- Addchallenge
andjs_challenge
rate-limit modes (#172)
Fixes:
cloudflare_page_rule
- Page rulezone
attribute change to trigger new resource (#183)
Improvements:
cloudflare_zone_settings_override
- Addopportunistic_onion
zone setting support (#170)cloudflare_zone
- Add ability to set zone plan (#160)
Fixes:
cloudflare_zone
- Allow zones to be properly imported (#157)cloudflare_access_policy
- Match access_policy argument requisites with reality (#158)cloudflare_filter
- Allowzone_id
to setzone
and vice versa (#162)cloudflare_firewall_rule
- Allowzone_id
to setzone
and vice versa (#174)cloudflare_access_rule
- Ensurezone
andzone_id
are always set (#175)- Minor documentation fixes
Improvements:
- New Resource:
cloudflare_access_application
(#145) - New Resource:
cloudflare_access_policy
(#145) cloudflare_load_balancer
- Add steering policy support (#147)cloudflare_load_balancer
- Supportsession_affinity
(#153)cloudflare_load_balancer_pool
- Supportweight
(#153)
Fixes:
cloudflare_record
- Compare name without the zone name (#151)- Minor documentation fixes (#149] [#152)
Improvements:
- New Resource:
cloudflare_zone
(#58) - New Resource:
cloudflare_custom_pages
(#132) cloudflare_zone_settings_override
- Allow setting SSL level to Strict (SSL-Only Origin Pull) (#122)- Update provider usage/build docs and how to update a dependency (#138)
- Improve
Building The Provider
instructions (#143) cloudflare_access_rule
- Make importable for all rule types (#141)cloudflare_load_balancer_pool
- ImplementUpdate
(#140)
Fixes:
cloudflare_rate_limit
- Documentation fixes for markdown where _ALL_ is italicized (#125)cloudflare_worker_route
- Correctly setmulti_script
on Enterprise worker imports (#124)account_member
- Ignore role ID ordering (#128)cloudflare_rate_limit
- Origin traffic isn't default anymore (#130)cloudflare_rate_limit
- Update rate limit validation to allow1
(#129)cloudflare_record
- Add validation to ensure TTL is not set whileproxied
is true (#127)- Updated code for provider version in User-Agent
cloudflare_zone_lockdown
- Fix import of zone lockdowns (#135)
Improvements:
- New Resource:
cloudflare_account_member
(#78)
Improvements:
- New Resource:
cloudflare_filter
- New Resource:
cloudflare_firewall_rule
Improvements:
- New Resource:
cloudflare_zone_lockdown
(#115)
Fixes:
- Send User-Agent header with name and version when contacting API
cloudflare_page_rule
- Fix page rule polish (off, lossless or lossy) (#116)
Improvements:
Improvements:
- New Resource:
cloudflare_access_rule
(#64)
Fixes:
cloudflare_zone_settings_override
- Change Zone Settings Override to use GetOkExists (#107)
Improvements:
- New Resource:
cloudflare_waf_rule
(#98) cloudflare_zone_settings_override
- Addoff
as Security Level setting (#99)resource_cloudflare_rate_limit
- Add nat support (#96)resource_cloudflare_zone_settings_override
- Addzrt
as a value for thetls_1_3
setting (#106)- Minor documentation improvements
Fixes:
cloudflare_record
- Setting a DNS record'sproxied
flag to false stopped working (#103)
FIXES:
cloudflare_ip_ranges
- IPv6 CIDR blocks should return IPv6 addresses (#51)cloudflare_zone_settings_override
- Allow0
forbrowser_cache_ttl
(#71)cloudflare_page_rule
-forwarding_urls
in page rules are lists (#79)cloudflare_page_rule
- The API supportsactive
anddisabled
, notpaused
(#84)
IMPROVEMENTS:
cloudflare_zone_settings_override
- Add support formin_tls_version
(#72)cloudflare_page_rule
- Add support for more settings:bypass_cache_on_cookie
,cache_by_device_type
,cache_deception_armor
,cache_on_cookie
,host_header_override
,polish
,explicit_cache_control
,origin_error_page_pass_thru
,sort_query_string_for_cache
,resolve_override
,respect_strong_etag
,response_buffering
,true_client_ip_header
,mirage
,disable_railgun
,cache_key
,waf
,rocket_loader
,cname_flattening
(#68], [#81], [#85)cloudflare_page_rule
- Addoff
setting tosecurity_level
(#81)cloudflare_record
- DNS Record improvements (#97)- Various documentation improvements
BACKWARDS INCOMPATIBILITIES / NOTES:
- resource/cloudflare_record: Changing
name
ordomain
now force a recreation of the record (#29)
FEATURES:
- New Resource:
cloudflare_rate_limit
(#30) - New Resource:
cloudflare_page_rule
(#38) - New Resource:
cloudflare_load_balancer
(#40) - New Resource:
cloudflare_load_balancer_pool
(#40) - New Resource:
cloudflare_zone_settings_override
(#41) - New Resource:
cloudflare_load_balancer_monitor
(#42) - New Data Source:
cloudflare_ip_ranges
(#28)
IMPROVEMENTS:
- resource/cloudflare_record: Validate
TXT
records (#14) - resource/cloudflare_record: Add
data
input to suppport SRV, LOC records (#29) - resource/cloudflare_record: Add computed attributes
created_on
,modified_on
,proxiable
, andmetadata
to records (#29) - resource/cloudflare_record: Support import of existing records (#36)
- New Provider configuration options for API rate limiting (#43)
- New Provider configuration options for using Organizations (#40)
NOTES:
- Same functionality as that of Terraform 0.9.8. Repacked as part of Provider Splitout