fix all test-account-ids and test-zone-ids semgrep rule

.semgrep.yml

@@ -40,7 +40,9 @@ rules:
         - 'docs/'
         - 'examples/'
         - 'templates/'
-    fix: zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
+    fix-regex:
+      regex: (zone_id\s*=\s*)\".*\"
+      replacement: \1"0da42c8d2132a9ddaf714f9e7c920711"
     patterns:
       - pattern: zone_id = "..."
       - pattern-not: zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
@@ -64,7 +66,9 @@ rules:
         - 'docs/'
         - 'examples/'
         - 'templates/'
-    fix: account_id = "f037e56e89293a057740de681ac9abbe"
+    fix-regex:
+      regex: (account_id\s*=\s*)\".*\"
+      replacement: \1"f037e56e89293a057740de681ac9abbe"
     patterns:
       - pattern: account_id = "..."
       - pattern-not: account_id = "f037e56e89293a057740de681ac9abbe"

docs/resources/access_application.md

@@ -23,7 +23,7 @@ zone needs to use the `zone_id` argument.
 
 ```terraform
 resource "cloudflare_access_application" "staging_app" {
-  zone_id                   = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  zone_id                   = "0da42c8d2132a9ddaf714f9e7c920711"
   name                      = "staging application"
   domain                    = "staging.example.com"
   type                      = "self_hosted"
@@ -33,7 +33,7 @@ resource "cloudflare_access_application" "staging_app" {
 
 # With CORS configuration
 resource "cloudflare_access_application" "staging_app" {
-  zone_id          = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  zone_id          = "0da42c8d2132a9ddaf714f9e7c920711"
   name             = "staging application"
   domain           = "staging.example.com"
   type             = "self_hosted"

docs/resources/access_bookmark.md

@@ -19,7 +19,7 @@ zone needs to use the `zone_id` argument.
 
 ```terraform
 resource "cloudflare_access_bookmark" "my_bookmark_app" {
-  account_id           = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  account_id           = "f037e56e89293a057740de681ac9abbe"
   name                 = "My Bookmark App"
   domain               = "example.com"
   logo_url             = "https://example.com/example.png"

docs/resources/access_ca_certificate.md

@@ -20,13 +20,13 @@ zone needs to use the `zone_id` argument.
 ```terraform
 # account level
 resource "cloudflare_access_ca_certificate" "example" {
-  account_id     = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  account_id     = "f037e56e89293a057740de681ac9abbe"
   application_id = "6cd6cea3-3ef2-4542-9aea-85a0bbcd5414"
 }
 
 # zone level
 resource "cloudflare_access_ca_certificate" "another_example" {
-  zone_id        = "b6bc7eb6027c792a6bca3dc91fd2d7e0"
+  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
   application_id = "fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2"
 }
 ```

docs/resources/access_group.md

@@ -20,7 +20,7 @@ zone needs to use the `zone_id` argument.
 ```terraform
 # Allowing access to `test@example.com` email address only
 resource "cloudflare_access_group" "test_group" {
-  account_id = "975ecf5a45e3bcb680dba0722a420ad9"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "staging group"
 
   include {
@@ -31,7 +31,7 @@ resource "cloudflare_access_group" "test_group" {
 # Allowing `test@example.com` to access but only when coming from a
 # specific IP.
 resource "cloudflare_access_group" "test_group" {
-  account_id = "975ecf5a45e3bcb680dba0722a420ad9"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "staging group"
 
   include {

docs/resources/access_identity_provider.md

@@ -20,14 +20,14 @@ zone needs to use the `zone_id` argument.
 ```terraform
 # one time pin
 resource "cloudflare_access_identity_provider" "pin_login" {
-  account_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "PIN login"
   type       = "onetimepin"
 }
 
 # oauth
 resource "cloudflare_access_identity_provider" "github_oauth" {
-  account_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "GitHub OAuth"
   type       = "github"
   config {
@@ -38,7 +38,7 @@ resource "cloudflare_access_identity_provider" "github_oauth" {
 
 # saml
 resource "cloudflare_access_identity_provider" "jumpcloud_saml" {
-  account_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "JumpCloud SAML"
   type       = "saml"
   config {
@@ -52,7 +52,7 @@ resource "cloudflare_access_identity_provider" "jumpcloud_saml" {
 
 # okta
 resource "cloudflare_access_identity_provider" "okta" {
-  account_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "Okta"
   type       = "okta"
   config {

docs/resources/access_mutual_tls_certificate.md

@@ -19,7 +19,7 @@ zone needs to use the `zone_id` argument.
 
 ```terraform
 resource "cloudflare_access_mutual_tls_certificate" "my_cert" {
-  zone_id              = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  zone_id              = "0da42c8d2132a9ddaf714f9e7c920711"
   name                 = "My Root Cert"
   certificate          = var.ca_pem
   associated_hostnames = ["staging.example.com"]

docs/resources/access_policy.md

@@ -21,7 +21,7 @@ zone needs to use the `zone_id` argument.
 # Allowing access to `test@example.com` email address only
 resource "cloudflare_access_policy" "test_policy" {
   application_id = "cb029e245cfdd66dc8d2e570d5dd3322"
-  zone_id        = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
   name           = "staging policy"
   precedence     = "1"
   decision       = "allow"
@@ -39,7 +39,7 @@ resource "cloudflare_access_policy" "test_policy" {
 # specific IP.
 resource "cloudflare_access_policy" "test_policy" {
   application_id = "cb029e245cfdd66dc8d2e570d5dd3322"
-  zone_id        = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
   name           = "staging policy"
   precedence     = "1"
   decision       = "allow"

docs/resources/access_rule.md

@@ -30,7 +30,7 @@ resource "cloudflare_access_rule" "antarctica" {
     target = "country"
     value  = "AQ"
   }
-  zone_id = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
 }
 
 # Whitelist office's network IP ranges on all account zones (or other lists of resources).

docs/resources/access_service_token.md

@@ -13,13 +13,13 @@ Access Service Tokens are used for service-to-service communication when an appl
 
 ```terraform
 resource "cloudflare_access_service_token" "my_app" {
-  account_id = "d41d8cd98f00b204e9800998ecf8427e"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "CI/CD app"
 }
 
 # Generate a service token that will renew if terraform is ran within 30 days of expiration
 resource "cloudflare_access_service_token" "my_app" {
-  account_id = "d41d8cd98f00b204e9800998ecf8427e"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "CI/CD app renewed"
 
   min_days_for_renewal = 30

docs/resources/argo.md

@@ -13,7 +13,7 @@ Cloudflare Argo controls the routing to your origin and tiered caching options t
 
 ```terraform
 resource "cloudflare_argo" "example" {
-  zone_id        = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
   tiered_caching = "on"
   smart_routing  = "on"
 }

docs/resources/filter.md

@@ -13,7 +13,7 @@ Filter expressions that can be referenced across multiple features, e.g. Firewal
 
 ```terraform
 resource "cloudflare_filter" "wordpress" {
-  zone_id     = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   description = "Wordpress break-in attempts that are outside of the office"
   expression  = "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.src ne 192.0.2.1"
 }

docs/resources/firewall_rule.md

@@ -22,13 +22,13 @@ Filter expressions needs to be created first before using Firewall Rule.
 
 ```terraform
 resource "cloudflare_filter" "wordpress" {
-  zone_id     = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   description = "Wordpress break-in attempts that are outside of the office"
   expression  = "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.src ne 192.0.2.1"
 }
 
 resource "cloudflare_firewall_rule" "wordpress" {
-  zone_id     = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   description = "Block wordpress break-in attempts"
   filter_id   = cloudflare_filter.wordpress.id
   action      = "block"

docs/resources/ipsec_tunnel.md

@@ -13,7 +13,7 @@ Provides a resource, that manages IPsec tunnels for Magic Transit.
 
 ```terraform
 resource "cloudflare_ipsec_tunnel" "example" {
-  account_id           = "c4a7362d577a6c3019a474fd6f485821"
+  account_id           = "f037e56e89293a057740de681ac9abbe"
   name                 = "IPsec_1"
   customer_endpoint    = "203.0.113.1"
   cloudflare_endpoint  = "203.0.113.1"

docs/resources/list.md

@@ -14,7 +14,7 @@ Provides Lists (IPs, Redirects) to be used in Edge Rules Engine across all zones
 ```terraform
 # IP list
 resource "cloudflare_list" "example" {
-  account_id  = "919f297a62fdfb28844177128ed4d331"
+  account_id  = "f037e56e89293a057740de681ac9abbe"
   name        = "example list"
   description = "example IPs for a list"
   kind        = "ip"
@@ -36,7 +36,7 @@ resource "cloudflare_list" "example" {
 
 # Redirect list
 resource "cloudflare_list" "example" {
-  account_id  = "919f297a62fdfb28844177128ed4d331"
+  account_id  = "f037e56e89293a057740de681ac9abbe"
   name        = "example list"
   description = "example redirects for a list"
   kind        = "redirect"

docs/resources/logpush_job.md

@@ -63,7 +63,7 @@ resource "cloudflare_logpush_job" "http_requests" {
 # must match identically in all resources. Otherwise the challenge validation
 # will fail.
 resource "cloudflare_logpush_ownership_challenge" "ownership_challenge" {
-  zone_id          = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id          = "0da42c8d2132a9ddaf714f9e7c920711"
   destination_conf = "s3://my-bucket-path?region=us-west-2"
 }
 
@@ -74,7 +74,7 @@ data "aws_s3_bucket_object" "challenge_file" {
 
 resource "cloudflare_logpush_job" "example_job" {
   enabled             = true
-  zone_id             = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id             = "0da42c8d2132a9ddaf714f9e7c920711"
   name                = "My-logpush-job"
   logpull_options     = "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339"
   destination_conf    = "s3://my-bucket-path?region=us-west-2"
@@ -87,15 +87,15 @@ resource "cloudflare_logpush_job" "example_job" {
 # 1. Create `cloudflare_logpush_ownership_challenge` resource
 
 resource "cloudflare_logpush_ownership_challenge" "ownership_challenge" {
-  zone_id          = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id          = "0da42c8d2132a9ddaf714f9e7c920711"
   destination_conf = "s3://my-bucket-path?region=us-west-2"
 }
 
 # 2. Check S3 bucket for your ownership challenge filename and grab the contents.
 # 3. Create the `cloudflare_logpush_job` substituting in your manual `ownership_challenge`.
 resource "cloudflare_logpush_job" "example_job" {
   enabled             = true
-  zone_id             = "d41d8cd98f00b204e9800998ecf8427e"
+  zone_id             = "0da42c8d2132a9ddaf714f9e7c920711"
   name                = "My-logpush-job"
   logpull_options     = "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339"
   destination_conf    = "s3://my-bucket-path?region=us-west-2"

docs/resources/managed_headers.md

@@ -19,7 +19,7 @@ Terraform will override your configuration if it exists.
 ```terraform
 # Enable security headers using Managed Meaders
 resource "cloudflare_managed_headers" "example" {
-  zone_id = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
 
   managed_request_headers {
     id      = "add_true_client_ip_headers"

docs/resources/notification_policy.md

@@ -13,7 +13,7 @@ Provides a resource, that manages a notification policy for Cloudflare's product
 
 ```terraform
 resource "cloudflare_notification_policy" "example" {
-  account_id  = "c4a7362d577a6c3019a474fd6f485821"
+  account_id  = "f037e56e89293a057740de681ac9abbe"
   name        = "Policy for SSL notification events"
   description = "Notification policy to alert when my SSL certificates are modified"
   enabled     = true
@@ -34,7 +34,7 @@ resource "cloudflare_notification_policy" "example" {
 
 ### With Filters
 resource "cloudflare_notification_policy" "example" {
-  account_id  = "c4a7362d577a6c3019a474fd6f485821"
+  account_id  = "f037e56e89293a057740de681ac9abbe"
   name        = "Policy for Healthcheck notification"
   description = "Notification policy to alert on unhealthy Healthcheck status"
   enabled     = true

docs/resources/ruleset.md

@@ -35,7 +35,7 @@ have inconsistent operations and inadvertently disable rulesets.
 ```terraform
 # Magic Transit
 resource "cloudflare_ruleset" "magic_transit_example" {
-  account_id  = "d41d8cd98f00b204e9800998ecf8427e"
+  account_id  = "f037e56e89293a057740de681ac9abbe"
   name        = "account magic transit"
   description = "example magic transit ruleset description"
   kind        = "root"
@@ -50,7 +50,7 @@ resource "cloudflare_ruleset" "magic_transit_example" {
 
 # Zone-level WAF Managed Ruleset
 resource "cloudflare_ruleset" "zone_level_managed_waf" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "managed WAF"
   description = "managed WAF ruleset description"
   kind        = "zone"
@@ -69,7 +69,7 @@ resource "cloudflare_ruleset" "zone_level_managed_waf" {
 
 # Zone-level WAF with tag-based overrides
 resource "cloudflare_ruleset" "zone_level_managed_waf_with_category_based_overrides" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "managed WAF with tag-based overrides"
   description = "managed WAF with tag-based overrides ruleset description"
   kind        = "zone"
@@ -102,7 +102,7 @@ resource "cloudflare_ruleset" "zone_level_managed_waf_with_category_based_overri
 
 # Rewrite the URI path component to a static path
 resource "cloudflare_ruleset" "transform_uri_rule_path" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "transform rule for URI path"
   description = "change the URI path to a new static path"
   kind        = "zone"
@@ -126,7 +126,7 @@ resource "cloudflare_ruleset" "transform_uri_rule_path" {
 
 # Rewrite the URI query component to a static query
 resource "cloudflare_ruleset" "transform_uri_rule_query" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "transform rule for URI query parameter"
   description = "change the URI query to a new static query"
   kind        = "zone"
@@ -150,7 +150,7 @@ resource "cloudflare_ruleset" "transform_uri_rule_query" {
 
 # Rewrite HTTP headers to a modified values
 resource "cloudflare_ruleset" "transform_uri_http_headers" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "transform rule for HTTP headers"
   description = "modify HTTP headers before reaching origin"
   kind        = "zone"
@@ -185,7 +185,7 @@ resource "cloudflare_ruleset" "transform_uri_http_headers" {
 
 # HTTP rate limit for an API route
 resource "cloudflare_ruleset" "rate_limiting_example" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "restrict API requests count"
   description = "apply HTTP rate limiting for a route"
   kind        = "zone"
@@ -211,7 +211,7 @@ resource "cloudflare_ruleset" "rate_limiting_example" {
 
 # Change origin for an API route
 resource "cloudflare_ruleset" "http_origin_example" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "Change to some origin"
   description = "Change origin for a route"
   kind        = "zone"
@@ -234,7 +234,7 @@ resource "cloudflare_ruleset" "http_origin_example" {
 
 # Custom fields logging
 resource "cloudflare_ruleset" "custom_fields_logging_example" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "log custom fields"
   description = "add custom fields to logging"
   kind        = "zone"
@@ -268,7 +268,7 @@ resource "cloudflare_ruleset" "custom_fields_logging_example" {
 
 # Custom cache keys + settings
 resource "cloudflare_ruleset" "cache_settings_example" {
-  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
   name        = "set cache settings"
   description = "set cache settings for the request"
   kind        = "zone"