From b99bd085a2bb159f00c2a9aa89aff8c553fc5ed8 Mon Sep 17 00:00:00 2001
From: Nicky Semenza
Date: Wed, 13 Jul 2022 14:00:34 -0700
Subject: [PATCH 1/6] update misc SSL attributes
* remove references to long-deprecated dedicated certs (replaced by `advanced`)
* update the list of allowed certificate authorities
* fix some of the custom hostname docs copy
---
docs/resources/custom_hostname.md | 10 +++++-----
.../resource_cloudflare_certificate_pack_test.go | 13 ++++++++-----
.../provider/schema_cloudflare_certificate_pack.go | 11 +++++------
.../provider/schema_cloudflare_custom_hostname.go | 2 +-
templates/resources/certificate_pack.md | 7 +------
templates/resources/custom_hostname.md | 10 +++++-----
6 files changed, 25 insertions(+), 28 deletions(-)
diff --git a/docs/resources/custom_hostname.md b/docs/resources/custom_hostname.md
index b03545a77b..64490947a8 100644
--- a/docs/resources/custom_hostname.md
+++ b/docs/resources/custom_hostname.md
@@ -53,15 +53,15 @@ The following arguments are supported: The following attributes are exported: -- `ownership_verification.type` - Domain control validation (DCV) method used +- `ownership_verification.type` - Cloudflare Custom Hostname verification method used for the hostname. -- `ownership_verification.value` - Domain control validation (DCV) value for +- `ownership_verification.value` - Domain control validation value for confirming ownership. Example, "\_cf-custom-hostname.example.com` -- `ownership_verification.name` - Domain control validation (DCV) name +- `ownership_verification.name` - Cloudflare Custom Hostname verification name confirming ownership. Example, "03f28e11-fa64-4966-bb1e-dd2423e16f36"` -- `ownership_verification_http.http_url` - Domain control validation (DCV) URL for +- `ownership_verification_http.http_url` - Cloudflare Custom Hostname verification URL for confirming ownership. Example, `http://hostname.example.com/.well-known/cf-custom-hostname-challenge/643395f9-de80-42f5-a2a0-e03ff60cf2a7` -- `ownership_verification_http.http_body` - Domain control validation (DCV) body for +- `ownership_verification_http.http_body` - Cloudflare Custom Hostname verification body for confirming ownership. Example, `03f28e11-fa64-4966-bb1e-dd2423e16f36` ## Import diff --git a/internal/provider/resource_cloudflare_certificate_pack_test.go b/internal/provider/resource_cloudflare_certificate_pack_test.go index 367f22ec37..925cad911d 100644 --- a/internal/provider/resource_cloudflare_certificate_pack_test.go +++ b/internal/provider/resource_cloudflare_certificate_pack_test.go 
@@ -144,10 +144,10 @@ func TestAccCertificatePack_DedicatedCustom(t *testing.T) { ProviderFactories: providerFactories, Steps: []resource.TestStep{ { - Config: testAccCertificatePackDedicatedCustomConfig(zoneID, domain, "dedicated_custom", rnd), + Config: testAccCertificatePackAdvancedConfig(zoneID, domain, rnd), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(name, "zone_id", zoneID), - resource.TestCheckResourceAttr(name, "type", "dedicated_custom"), + resource.TestCheckResourceAttr(name, "type", "advanced"), resource.TestCheckResourceAttr(name, "hosts.#", "2"), ), }, @@ -155,16 +155,19 @@ func TestAccCertificatePack_DedicatedCustom(t *testing.T) { }) } -func testAccCertificatePackDedicatedCustomConfig(zoneID, domain, certType, rnd string) string { +func testAccCertificatePackAdvancedConfig(zoneID, domain, rnd string) string { return fmt.Sprintf(` resource "cloudflare_certificate_pack" "%[3]s" { + validity_days = 90, + certificate_authority = "lets_encrypt", + validation_method = "txt" zone_id = "%[1]s" - type = "%[4]s" + type = "advanced" hosts = [ "%[3]s.%[2]s", "%[2]s" ] -}`, zoneID, domain, rnd, certType) +}`, zoneID, domain, rnd) } func TestAccCertificatePack_WaitForActive(t *testing.T) { diff --git a/internal/provider/schema_cloudflare_certificate_pack.go b/internal/provider/schema_cloudflare_certificate_pack.go index 93ab6fa5b5..ced94f629b 100644 --- a/internal/provider/schema_cloudflare_certificate_pack.go +++ b/internal/provider/schema_cloudflare_certificate_pack.go @@ -17,7 +17,7 @@ func resourceCloudflareCertificatePackSchema() map[string]*schema.Schema { Type: schema.TypeString, Required: true, ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{"custom", "dedicated_custom", "advanced"}, false), + ValidateFunc: validation.StringInSlice([]string{"advanced"}, false), }, "hosts": { Type: schema.TypeSet, 
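Review bot: The HCL returned by `testAccCertificatePackAdvancedConfig` ends two attribute lines with a comma (`validity_days = 90,` and `certificate_authority = "lets_encrypt",`), which HCL2 does not accept between arguments in a block body, so this acceptance test would likely fail at configuration parsing before it reaches the API. Drop the commas: `validity_days = 90` and `certificate_authority = "lets_encrypt"`. The config also pairs `lets_encrypt` with the individual subdomain host `%[3]s.%[2]s`, which the resource's own documentation says is not available for Let's Encrypt, so either the host list or the authority probably needs to change too. The test function is still named `TestAccCertificatePack_DedicatedCustom` although it now asserts `type = "advanced"`.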
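Review bot: Narrowing the `type` validator to `[]string{"advanced"}` makes every existing configuration that still says `custom` or `dedicated_custom` fail validation at plan time, and the next hunk in this file turns `validation_method`, `validity_days` and `certificate_authority` from optional into required, yet the changelog entry added later in this series files the change under `release-note:note`. Because these attributes are all `ForceNew`, a user adapting an old configuration is presumably pushed into replacing a live certificate pack, which is an availability concern for TLS. I would record this as `release-note:breaking-change` and spell out the upgrade path (the newly required attributes and the replacement of the pack) in that entry. The enclosing function `resourceCloudflareCertificatePackSchema` starts and ends outside the hunk.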
@@ -29,22 +29,21 @@ func resourceCloudflareCertificatePackSchema() map[string]*schema.Schema { }, "validation_method": { Type: schema.TypeString, - Optional: true, + Required: true, ForceNew: true, ValidateFunc: validation.StringInSlice([]string{"txt", "http", "email"}, false), }, "validity_days": { Type: schema.TypeInt, - Optional: true, + Required: true, ForceNew: true, ValidateFunc: validation.IntInSlice([]int{14, 30, 90, 365}), }, "certificate_authority": { Type: schema.TypeString, - Optional: true, - Computed: true, + Required: true, ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{"digicert", "lets_encrypt"}, false), + ValidateFunc: validation.StringInSlice([]string{"digicert", "lets_encrypt", "google"}, false), Default: nil, }, "validation_records": { diff --git a/internal/provider/schema_cloudflare_custom_hostname.go b/internal/provider/schema_cloudflare_custom_hostname.go index 6be54969ad..37901169d1 100644 --- a/internal/provider/schema_cloudflare_custom_hostname.go +++ b/internal/provider/schema_cloudflare_custom_hostname.go @@ -52,7 +52,7 @@ func resourceCloudflareCustomHostnameSchema() map[string]*schema.Schema { Type: schema.TypeString, Optional: true, Computed: true, - ValidateFunc: validation.StringInSlice([]string{"lets_encrypt", "digicert"}, false), + ValidateFunc: validation.StringInSlice([]string{"lets_encrypt", "digicert", "google"}, false), Default: nil, }, "validation_records": { diff --git a/templates/resources/certificate_pack.md b/templates/resources/certificate_pack.md index 454f80b853..58be46c0fb 100644 --- a/templates/resources/certificate_pack.md +++ b/templates/resources/certificate_pack.md 
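Review bot: With `validity_days` and `certificate_authority` both required, nothing in this hunk rejects a combination the resource documentation rules out: the docs state that Let's Encrypt certificates can only be valid for 90 days, but `validation.IntInSlice([]int{14, 30, 90, 365})` accepts any of the four values whatever the authority is. A mismatch therefore presumably surfaces only as an API error during apply; a `CustomizeDiff` on the resource that checks the two attributes together would report it at plan time. Whether the newly allowed `google` value carries a similar restriction is not visible here and is worth confirming. Separately, `Default: nil` on `certificate_authority` no longer does anything now that the field is `Required: true` and could be deleted.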
@@ -21,11 +21,6 @@ you've confirmed the certificate is available. ## Example Usage ```hcl -resource "cloudflare_certificate_pack" "dedicated_custom_example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" - type = "dedicated_custom" - hosts = ["example.com", "sub.example.com"] -} # Advanced certificate manager for DigiCert resource "cloudflare_certificate_pack" "advanced_example_for_digicert" { @@ -57,7 +52,7 @@ The following arguments are supported: - `zone_id` - (Required) The DNS zone to which the certificate pack should be added. - `type` - (Required) Certificate pack configuration type. - Allowed values: `"custom"`, `"dedicated_custom"`, `"advanced"`. + Allowed values: `"advanced"`. - `hosts` - (Required) List of hostnames to provision the certificate pack for. The zone name must be included as a host. Note: If using Let's Encrypt, you cannot use individual subdomains and only a wildcard for subdomain is available. diff --git a/templates/resources/custom_hostname.md b/templates/resources/custom_hostname.md index b03545a77b..64490947a8 100644 --- a/templates/resources/custom_hostname.md +++ b/templates/resources/custom_hostname.md 
@@ -53,15 +53,15 @@ The following arguments are supported: The following attributes are exported: -- `ownership_verification.type` - Domain control validation (DCV) method used +- `ownership_verification.type` - Cloudflare Custom Hostname verification method used for the hostname. -- `ownership_verification.value` - Domain control validation (DCV) value for +- `ownership_verification.value` - Domain control validation value for confirming ownership. Example, "\_cf-custom-hostname.example.com` -- `ownership_verification.name` - Domain control validation (DCV) name +- `ownership_verification.name` - Cloudflare Custom Hostname verification name confirming ownership. Example, "03f28e11-fa64-4966-bb1e-dd2423e16f36"` -- `ownership_verification_http.http_url` - Domain control validation (DCV) URL for +- `ownership_verification_http.http_url` - Cloudflare Custom Hostname verification URL for confirming ownership. Example, `http://hostname.example.com/.well-known/cf-custom-hostname-challenge/643395f9-de80-42f5-a2a0-e03ff60cf2a7` -- `ownership_verification_http.http_body` - Domain control validation (DCV) body for +- `ownership_verification_http.http_body` - Cloudflare Custom Hostname verification body for confirming ownership. Example, `03f28e11-fa64-4966-bb1e-dd2423e16f36` ## Import From 5174da321a8ceb2e6df09ee4c73445a155ca2826 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Mon, 18 Jul 2022 10:21:34 +1000 Subject: [PATCH 2/6] add CHANGELOG --- .changelog/1778.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .changelog/1778.txt diff --git a/.changelog/1778.txt b/.changelog/1778.txt new file mode 100644 index 0000000000..f2749ab873 --- /dev/null +++ b/.changelog/1778.txt 
@@ -0,0 +1,11 @@ +```release-note:note +resource/cloudflare_certificate_pack: remove references to long-deprecated dedicated certs (replaced by `advanced`) +``` + +```release-note:enhancement +resource/cloudflare_certificate_pack: update the list of allowed certificate authorities +``` + +```release-note:enhancement +resource/cloudflare_certificate_pack: fix some of the custom hostname docs copy +``` From 6e21ac8a3837ba9206cfe914b5c37efd173ae07a Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Mon, 18 Jul 2022 10:23:03 +1000 Subject: [PATCH 3/6] resource/cloudflare_certificate_pack: swap to autogenerated documentation --- docs/resources/certificate_pack.md | 117 ++++++++++-------- .../cloudflare_certificate_pack/import.sh | 1 + .../cloudflare_certificate_pack/resource.tf | 22 ++++ .../resource_cloudflare_certificate_pack.go | 1 + .../schema_cloudflare_certificate_pack.go | 23 ++-- templates/resources/certificate_pack.md | 81 ------------ templates/resources/certificate_pack.md.tmpl | 34 +++++ 7 files changed, 140 insertions(+), 139 deletions(-) create mode 100644 examples/resources/cloudflare_certificate_pack/import.sh create mode 100644 examples/resources/cloudflare_certificate_pack/resource.tf delete mode 100644 templates/resources/certificate_pack.md create mode 100644 templates/resources/certificate_pack.md.tmpl diff --git a/docs/resources/certificate_pack.md b/docs/resources/certificate_pack.md index 454f80b853..0d600af6c1 100644 --- a/docs/resources/certificate_pack.md +++ b/docs/resources/certificate_pack.md 
@@ -1,15 +1,15 @@ --- -layout: "cloudflare" -page_title: "Cloudflare: cloudflare_certificate_pack" -description: Provides a Cloudflare Certificate Pack resource. +page_title: "cloudflare_certificate_pack Resource - Cloudflare" +subcategory: "" +description: |- + Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates. --- -# cloudflare_certificate_pack +# cloudflare_certificate_pack (Resource) -Provides a Cloudflare Certificate Pack resource that is used to provision -managed TLS certificates. +Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates. -~> **Important:** Certificate packs are not able to be updated in place and if +~> Certificate packs are not able to be updated in place and if you require a zero downtime rotation, you need to use Terraform's meta-arguments for [`lifecycle`](https://www.terraform.io/docs/configuration/resources.html#lifecycle-lifecycle-customizations) blocks. `create_before_destroy` should be suffice for most scenarios (exceptions are @@ -20,15 +20,9 @@ you've confirmed the certificate is available. ## Example Usage -```hcl -resource "cloudflare_certificate_pack" "dedicated_custom_example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" - type = "dedicated_custom" - hosts = ["example.com", "sub.example.com"] -} - +```terraform # Advanced certificate manager for DigiCert -resource "cloudflare_certificate_pack" "advanced_example_for_digicert" { +resource "cloudflare_certificate_pack" "example" { zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" type = "advanced" hosts = ["example.com", "sub.example.com"] 
@@ -39,48 +33,69 @@ resource "cloudflare_certificate_pack" "advanced_example_for_digicert" { } # Advanced certificate manager for Let's Encrypt -resource "cloudflare_certificate_pack" "advanced_example_for_lets_encrypt" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" - type = "advanced" - hosts = ["example.com", "*.example.com"] - validation_method = "http" - validity_days = 90 - certificate_authority = "lets_encrypt" - cloudflare_branding = false +resource "cloudflare_certificate_pack" "example" { + zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + type = "advanced" + hosts = ["example.com", "*.example.com"] + validation_method = "http" + validity_days = 90 + certificate_authority = "lets_encrypt" + cloudflare_branding = false wait_for_active_status = true } ``` -## Argument Reference - -The following arguments are supported: - -- `zone_id` - (Required) The DNS zone to which the certificate pack should be added. -- `type` - (Required) Certificate pack configuration type. - Allowed values: `"custom"`, `"dedicated_custom"`, `"advanced"`. -- `hosts` - (Required) List of hostnames to provision the certificate pack for. - The zone name must be included as a host. Note: If using Let's Encrypt, you - cannot use individual subdomains and only a wildcard for subdomain is available. -- `validation_method` - (Optional based on `type`) Which validation method to - use in order to prove domain ownership. Allowed values: `"txt"`, `"http"`, `"email"`. -- `validity_days` - (Optional based on `type`) How long the certificate is valid - for. Note: If using Let's Encrypt, this value can only be 90 days. - Allowed values: 14, 30, 90, 365. -- `certificate_authority` - (Optional based on `type`) Which certificate - authority to issue the certificate pack. Allowed values: `"digicert"`, - `"lets_encrypt"`. -- `cloudflare_branding` - (Optional based on `type`) Whether or not to include - Cloudflare branding. This will add `sni.cloudflaressl.com` as the Common Name - if set to `true`. 
-- `wait_for_active_status` - (Optional) Whether or not to wait for a certificate - pack to reach status `active` during creation. Defaults to `false`. + +## Schema + +### Required + +- `certificate_authority` (String) Which certificate authority to issue the certificate pack. Available values: `digicert`, `lets_encrypt`, `google`. +- `hosts` (Set of String) List of hostnames to provision the certificate pack for. The zone name must be included as a host. Note: If using Let's Encrypt, you cannot use individual subdomains and only a wildcard for subdomain is available. +- `type` (String) Certificate pack configuration type. Available values: `advanced`. +- `validation_method` (String) Which validation method to use in order to prove domain ownership. Available values: `txt`, `http`, `email`. +- `validity_days` (Number) How long the certificate is valid for. Note: If using Let's Encrypt, this value can only be 90 days. Available values: `14`, `30`, `90`, `365`. +- `zone_id` (String) The zone identifier to target for the resource. + +### Optional + +- `cloudflare_branding` (Boolean) Whether or not to include Cloudflare branding. This will add `sni.cloudflaressl.com` as the Common Name if set to `true`. +- `validation_records` (Block List) (see [below for nested schema](#nestedblock--validation_records)) +- `wait_for_active_status` (Boolean) Whether or not to wait for a certificate pack to reach status `active` during creation. Defaults to `false`. + +### Read-Only + +- `id` (String) The ID of this resource. 
+- `validation_errors` (Block List) (see [below for nested schema](#nestedblock--validation_errors)) + + +### Nested Schema for `validation_records` + +Optional: + +- `cname_name` (String) +- `cname_target` (String) +- `emails` (List of String) +- `http_body` (String) +- `http_url` (String) +- `txt_name` (String) +- `txt_value` (String) + + + +### Nested Schema for `validation_errors` + +Read-Only: + +- `message` (String) ## Import -Certificate packs can be imported using a composite ID of the zone ID and -certificate pack ID. This isn't recommended and it is advised to replace the -certificate entirely instead. +Import is supported using the following syntax: +```shell +$ terraform import cloudflare_certificate_pack.example 1d5fdc9e88c8a8c4518b068cd94331fe/8fda82e2-6af9-4eb2-992a-5ab65b792ef1 ``` -$ terraform import cloudflare_certificate_pack.example cb029e245cfdd66dc8d2e570d5dd3322/8fda82e2-6af9-4eb2-992a-5ab65b792ef1 -``` + +While supported, importing isn't recommended and it is advised to replace the +certificate entirely instead. diff --git a/examples/resources/cloudflare_certificate_pack/import.sh b/examples/resources/cloudflare_certificate_pack/import.sh new file mode 100644 index 0000000000..a9feb33853 --- /dev/null +++ b/examples/resources/cloudflare_certificate_pack/import.sh @@ -0,0 +1 @@ +$ terraform import cloudflare_certificate_pack.example 1d5fdc9e88c8a8c4518b068cd94331fe/8fda82e2-6af9-4eb2-992a-5ab65b792ef1 diff --git a/examples/resources/cloudflare_certificate_pack/resource.tf b/examples/resources/cloudflare_certificate_pack/resource.tf new file mode 100644 index 0000000000..0f1a297fc0 --- /dev/null +++ b/examples/resources/cloudflare_certificate_pack/resource.tf 
@@ -0,0 +1,22 @@ +# Advanced certificate manager for DigiCert +resource "cloudflare_certificate_pack" "example" { + zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + type = "advanced" + hosts = ["example.com", "sub.example.com"] + validation_method = "txt" + validity_days = 30 + certificate_authority = "digicert" + cloudflare_branding = false +} + +# Advanced certificate manager for Let's Encrypt +resource "cloudflare_certificate_pack" "example" { + zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + type = "advanced" + hosts = ["example.com", "*.example.com"] + validation_method = "http" + validity_days = 90 + certificate_authority = "lets_encrypt" + cloudflare_branding = false + wait_for_active_status = true +} diff --git a/internal/provider/resource_cloudflare_certificate_pack.go b/internal/provider/resource_cloudflare_certificate_pack.go index b003ef49ca..229a2f5fba 100644 --- a/internal/provider/resource_cloudflare_certificate_pack.go +++ b/internal/provider/resource_cloudflare_certificate_pack.go @@ -24,6 +24,7 @@ func resourceCloudflareCertificatePack() *schema.Resource { Importer: &schema.ResourceImporter{ StateContext: resourceCloudflareCertificatePackImport, }, + Description: "Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates.", } } diff --git a/internal/provider/schema_cloudflare_certificate_pack.go b/internal/provider/schema_cloudflare_certificate_pack.go index ced94f629b..cf6b1189a0 100644 --- a/internal/provider/schema_cloudflare_certificate_pack.go +++ b/internal/provider/schema_cloudflare_certificate_pack.go @@ -1,6 +1,8 @@ package provider import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) 
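Review bot: Both blocks in the new `resource.tf` are declared as `resource "cloudflare_certificate_pack" "example"`, and Terraform rejects two resources of the same type and name in one module, so anyone who copies the example as written gets a configuration error. The regenerated `docs/resources/certificate_pack.md` in this commit inherits the same duplicate. Give the two blocks distinct names, for instance `resource "cloudflare_certificate_pack" "example_digicert"` and `resource "cloudflare_certificate_pack" "example_lets_encrypt"`; `import.sh` refers to `cloudflare_certificate_pack.example`, so it should be updated to match whichever name is kept.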
@@ -18,6 +20,7 @@ func resourceCloudflareCertificatePackSchema() map[string]*schema.Schema { Required: true, ForceNew: true, ValidateFunc: validation.StringInSlice([]string{"advanced"}, false), + Description: fmt.Sprintf("Certificate pack configuration type. %s", renderAvailableDocumentationValuesStringSlice([]string{"advanced"})), }, "hosts": { Type: schema.TypeSet, @@ -26,18 +29,21 @@ func resourceCloudflareCertificatePackSchema() map[string]*schema.Schema { Elem: &schema.Schema{ Type: schema.TypeString, }, + Description: "List of hostnames to provision the certificate pack for. The zone name must be included as a host. Note: If using Let's Encrypt, you cannot use individual subdomains and only a wildcard for subdomain is available.", }, "validation_method": { Type: schema.TypeString, Required: true, ForceNew: true, ValidateFunc: validation.StringInSlice([]string{"txt", "http", "email"}, false), + Description: fmt.Sprintf("Which validation method to use in order to prove domain ownership. %s", renderAvailableDocumentationValuesStringSlice([]string{"txt", "http", "email"})), }, "validity_days": { Type: schema.TypeInt, Required: true, ForceNew: true, ValidateFunc: validation.IntInSlice([]int{14, 30, 90, 365}), + Description: fmt.Sprintf("How long the certificate is valid for. Note: If using Let's Encrypt, this value can only be 90 days. %s", renderAvailableDocumentationValuesIntSlice([]int{14, 30, 90, 365})), }, "certificate_authority": { Type: schema.TypeString, @@ -45,6 +51,7 @@ func resourceCloudflareCertificatePackSchema() map[string]*schema.Schema { ForceNew: true, ValidateFunc: validation.StringInSlice([]string{"digicert", "lets_encrypt", "google"}, false), Default: nil, + Description: fmt.Sprintf("Which certificate authority to issue the certificate pack. %s", renderAvailableDocumentationValuesStringSlice([]string{"digicert", "lets_encrypt", "google"})), }, "validation_records": { Type: schema.TypeList, 
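Review bot: Each new `Description` repeats the slice literal that the neighbouring `ValidateFunc` already spells out, e.g. `[]string{"digicert", "lets_encrypt", "google"}` appears twice in `certificate_authority`, and the same pattern recurs for `type`, `validation_method` and `validity_days` in the other hunks of this file. The validator and the generated documentation will drift the next time one list is edited and the other is not, which for a certificate-authority allow-list means the docs can advertise a value the provider rejects, or the reverse. Declaring each list once and passing that variable to both `validation.StringInSlice` and `renderAvailableDocumentationValuesStringSlice` keeps them in step; a short comment on the variable saying it is the single source for validation and docs would help.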
@@ -59,15 +66,17 @@ func resourceCloudflareCertificatePackSchema() map[string]*schema.Schema { Elem: sslValidationErrorsSchema(), }, "cloudflare_branding": { - Type: schema.TypeBool, - Optional: true, - ForceNew: true, + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: "Whether or not to include Cloudflare branding. This will add `sni.cloudflaressl.com` as the Common Name if set to `true`.", }, "wait_for_active_status": { - Type: schema.TypeBool, - ForceNew: true, - Optional: true, - Default: false, + Type: schema.TypeBool, + ForceNew: true, + Optional: true, + Default: false, + Description: "Whether or not to wait for a certificate pack to reach status `active` during creation.", }, } } diff --git a/templates/resources/certificate_pack.md b/templates/resources/certificate_pack.md deleted file mode 100644 index 58be46c0fb..0000000000 --- a/templates/resources/certificate_pack.md +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -layout: "cloudflare" -page_title: "Cloudflare: cloudflare_certificate_pack" -description: Provides a Cloudflare Certificate Pack resource. ---- - -# cloudflare_certificate_pack - -Provides a Cloudflare Certificate Pack resource that is used to provision -managed TLS certificates. - -~> **Important:** Certificate packs are not able to be updated in place and if -you require a zero downtime rotation, you need to use Terraform's meta-arguments -for [`lifecycle`](https://www.terraform.io/docs/configuration/resources.html#lifecycle-lifecycle-customizations) blocks. -`create_before_destroy` should be suffice for most scenarios (exceptions are -things like missing entitlements, high ranking domain). To completely -de-risk rotations, use you can create multiple resources using a 2-phase change -where you have both resources live at once and you remove the old one once -you've confirmed the certificate is available. - -## Example Usage - -```hcl - -# Advanced certificate manager for DigiCert -resource "cloudflare_certificate_pack" "advanced_example_for_digicert" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" - type = "advanced" - hosts = ["example.com", "sub.example.com"] - validation_method = "txt" - validity_days = 30 - certificate_authority = "digicert" - cloudflare_branding = false -} - -# Advanced certificate manager for Let's Encrypt -resource "cloudflare_certificate_pack" "advanced_example_for_lets_encrypt" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" - type = "advanced" - hosts = ["example.com", "*.example.com"] - validation_method = "http" - validity_days = 90 - certificate_authority = "lets_encrypt" - cloudflare_branding = false - wait_for_active_status = true -} -``` - -## Argument Reference - -The following arguments are supported: - -- `zone_id` - (Required) The DNS zone to which the certificate pack should be added. -- `type` - (Required) Certificate pack configuration type. - Allowed values: `"advanced"`. 
-- `hosts` - (Required) List of hostnames to provision the certificate pack for. - The zone name must be included as a host. Note: If using Let's Encrypt, you - cannot use individual subdomains and only a wildcard for subdomain is available. -- `validation_method` - (Optional based on `type`) Which validation method to - use in order to prove domain ownership. Allowed values: `"txt"`, `"http"`, `"email"`. -- `validity_days` - (Optional based on `type`) How long the certificate is valid - for. Note: If using Let's Encrypt, this value can only be 90 days. - Allowed values: 14, 30, 90, 365. -- `certificate_authority` - (Optional based on `type`) Which certificate - authority to issue the certificate pack. Allowed values: `"digicert"`, - `"lets_encrypt"`. -- `cloudflare_branding` - (Optional based on `type`) Whether or not to include - Cloudflare branding. This will add `sni.cloudflaressl.com` as the Common Name - if set to `true`. -- `wait_for_active_status` - (Optional) Whether or not to wait for a certificate - pack to reach status `active` during creation. Defaults to `false`. - -## Import - -Certificate packs can be imported using a composite ID of the zone ID and -certificate pack ID. This isn't recommended and it is advised to replace the -certificate entirely instead. - -``` -$ terraform import cloudflare_certificate_pack.example cb029e245cfdd66dc8d2e570d5dd3322/8fda82e2-6af9-4eb2-992a-5ab65b792ef1 -``` diff --git a/templates/resources/certificate_pack.md.tmpl b/templates/resources/certificate_pack.md.tmpl new file mode 100644 index 0000000000..955aab962a --- /dev/null +++ b/templates/resources/certificate_pack.md.tmpl 
@@ -0,0 +1,34 @@ +--- +page_title: "{{.Name}} {{.Type}} - {{.RenderedProviderName}}" +subcategory: "" +description: |- +{{ .Description | plainmarkdown | trimspace | prefixlines " " }} +--- + +# {{.Name}} ({{.Type}}) + +{{ .Description | trimspace }} + +~> Certificate packs are not able to be updated in place and if +you require a zero downtime rotation, you need to use Terraform's meta-arguments +for [`lifecycle`](https://www.terraform.io/docs/configuration/resources.html#lifecycle-lifecycle-customizations) blocks. +`create_before_destroy` should be suffice for most scenarios (exceptions are +things like missing entitlements, high ranking domain). To completely +de-risk rotations, use you can create multiple resources using a 2-phase change +where you have both resources live at once and you remove the old one once +you've confirmed the certificate is available. + +## Example Usage + +{{ tffile (printf "%s%s%s" "examples/resources/" .Name "/resource.tf") }} + +{{ .SchemaMarkdown | trimspace }} + +## Import + +Import is supported using the following syntax: + +{{ codefile "shell" (printf "%s%s%s" "examples/resources/" .Name "/import.sh") }} + +While supported, importing isn't recommended and it is advised to replace the +certificate entirely instead. From 5840c246979daeac65207339e17085e2b0fc1771 Mon Sep 17 00:00:00 2001 
From: Jacob Bednarz Date: Mon, 18 Jul 2022 10:33:49 +1000 Subject: [PATCH 4/6] resource/cloudflare_custom_hostname: swap to autogenerated docs --- docs/resources/custom_hostname.md | 119 +++++++++++------- .../cloudflare_custom_hostname/import.sh | 1 + .../cloudflare_custom_hostname/resource.tf | 7 ++ .../resource_cloudflare_custom_hostname.go | 1 + .../schema_cloudflare_custom_hostname.go | 52 +++++--- templates/resources/custom_hostname.md | 74 ----------- 6 files changed, 117 insertions(+), 137 deletions(-) create mode 100644 examples/resources/cloudflare_custom_hostname/import.sh create mode 100644 examples/resources/cloudflare_custom_hostname/resource.tf delete mode 100644 templates/resources/custom_hostname.md diff --git a/docs/resources/custom_hostname.md b/docs/resources/custom_hostname.md index 64490947a8..354576fa41 100644 --- a/docs/resources/custom_hostname.md +++ b/docs/resources/custom_hostname.md 
@@ -1,74 +1,101 @@ --- -layout: "cloudflare" -page_title: "Cloudflare: cloudflare_custom_hostname" -description: Provides a Cloudflare custom hostname resource. +page_title: "cloudflare_custom_hostname Resource - Cloudflare" +subcategory: "" +description: |- + Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource. --- -# cloudflare_custom_hostname +# cloudflare_custom_hostname (Resource) Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource. ## Example Usage -```hcl -resource "cloudflare_custom_hostname" "example_hostname" { - zone_id = "d41d8cd98f00b204e9800998ecf8427e" +```terraform +resource "cloudflare_custom_hostname" "example" { + zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" hostname = "hostname.example.com" ssl { method = "txt" } } ``` + +## Schema -## Argument Reference +### Required -The following arguments are supported: +- `hostname` (String) Hostname you intend to request a certificate for. +- `zone_id` (String) The zone identifier to target for the resource. -- `zone_id` - (Required) The DNS zone ID where the custom hostname should be assigned. -- `hostname` - (Required) Hostname you intend to request a certificate for. -- `custom_origin_server` - (Optional) The custom origin server used for certificates. -- `custom_origin_sni` - (Optional) The [custom origin SNI](https://developers.cloudflare.com/ssl/ssl-for-saas/hostname-specific-behavior/custom-origin) used for certificates. -- `ssl` - (Required) SSL configuration of the certificate. See further notes below. +### Optional -**ssl** block supports: +- `custom_origin_server` (String) The custom origin server used for certificates. +- `custom_origin_sni` (String) The [custom origin SNI](https://developers.cloudflare.com/ssl/ssl-for-saas/hostname-specific-behavior/custom-origin) used for certificates. +- `ssl` (Block List) SSL configuration of the certificate. 
(see [below for nested schema](#nestedblock--ssl)) -- `method` - (Required) Domain control validation (DCV) method used for this - hostname. Valid values are `"txt"`, `"http"` and `"email"`. -- `type` - (Required) Level of validation to be used for this hostname. Domain validation ("dv") must be used. -- `wildcard` - (Required) Indicates whether the certificate covers a wildcard. -- `custom_certificate` - (Optional) If a custom uploaded certificate is used. -- `custom_key` - (Optional) The key for a custom uploaded certificate. -- `settings` - (Required) SSL/TLS settings for the certificate. See further notes below. +### Read-Only -**settings** block supports: +- `id` (String) The ID of this resource. +- `ownership_verification` (Map of String) +- `ownership_verification_http` (Map of String) +- `status` (String) Status of the certificate. -- `http2` - (Optional) Whether or not HTTP2 should be supported. Valid values are `"on"` or `"off"`. -- `tls13` - (Optional) Whether or not TLSv1.3 should be supported. Valid values are `"on"` or `"off"`. -- `min_tls_version` - (Optional) Lowest version of TLS this certificate should - support. Valid values are `"1.0"`, `"1.1"`, `"1.2"` and `"1.3"`. -- `ciphers` - (Optional) List of SSL/TLS ciphers to associate with this certificate. -- `early_hints` - (Optional) Whether or not early hints should be supported. Valid values are `"on"` or `"off"`. + +### Nested Schema for `ssl` -## Attributes Reference +Optional: -The following attributes are exported: +- `certificate_authority` (String) +- `custom_certificate` (String) If a custom uploaded certificate is used. +- `custom_key` (String) The key for a custom uploaded certificate. +- `method` (String) Domain control validation (DCV) method used for this hostname. Available values: `http`, `txt`, `email`. +- `settings` (Block List) SSL/TLS settings for the certificate. 
(see [below for nested schema](#nestedblock--ssl--settings)) +- `type` (String) Level of validation to be used for this hostname. Available values: `dv`. Defaults to `dv`. +- `wildcard` (Boolean) Indicates whether the certificate covers a wildcard. -- `ownership_verification.type` - Cloudflare Custom Hostname verification method used - for the hostname. -- `ownership_verification.value` - Domain control validation value for - confirming ownership. Example, "\_cf-custom-hostname.example.com` -- `ownership_verification.name` - Cloudflare Custom Hostname verification name - confirming ownership. Example, "03f28e11-fa64-4966-bb1e-dd2423e16f36"` -- `ownership_verification_http.http_url` - Cloudflare Custom Hostname verification URL for - confirming ownership. Example, `http://hostname.example.com/.well-known/cf-custom-hostname-challenge/643395f9-de80-42f5-a2a0-e03ff60cf2a7` -- `ownership_verification_http.http_body` - Cloudflare Custom Hostname verification body for - confirming ownership. Example, `03f28e11-fa64-4966-bb1e-dd2423e16f36` +Read-Only: -## Import +- `status` (String) +- `validation_errors` (List of Object) (see [below for nested schema](#nestedatt--ssl--validation_errors)) +- `validation_records` (List of Object) (see [below for nested schema](#nestedatt--ssl--validation_records)) -Custom hostname certificates can be imported using a composite ID formed of the zone ID and [hostname ID](https://api.cloudflare.com/#custom-hostname-for-a-zone-properties), -separated by a "/" e.g. + +### Nested Schema for `ssl.settings` -``` -$ terraform import cloudflare_custom_hostname.example d41d8cd98f00b204e9800998ecf8427e/0d89c70d-ad9f-4843-b99f-6cc0252067e9 +Optional: + +- `ciphers` (Set of String) List of SSL/TLS ciphers to associate with this certificate. +- `early_hints` (String) Whether early hints should be supported. Available values: `on`, `off`. +- `http2` (String) Whether HTTP2 should be supported. Available values: `on`, `off`. 
+- `min_tls_version` (String) Lowest version of TLS this certificate should support. Available values: `1.0`, `1.1`, `1.2`, `1.3`. +- `tls13` (String) Whether TLSv1.3 should be supported. Available values: `on`, `off`. + + + +### Nested Schema for `ssl.validation_errors` + +Read-Only: + +- `message` (String) + + + +### Nested Schema for `ssl.validation_records` + +Read-Only: + +- `cname_name` (String) +- `cname_target` (String) +- `emails` (List of String) +- `http_body` (String) +- `http_url` (String) +- `txt_name` (String) +- `txt_value` (String) + +## Import + +Import is supported using the following syntax: +```shell +$ terraform import cloudflare_custom_hostname.example 1d5fdc9e88c8a8c4518b068cd94331fe/0d89c70d-ad9f-4843-b99f-6cc0252067e9 ``` diff --git a/examples/resources/cloudflare_custom_hostname/import.sh b/examples/resources/cloudflare_custom_hostname/import.sh new file mode 100644 index 0000000000..f1063c3b3c --- /dev/null +++ b/examples/resources/cloudflare_custom_hostname/import.sh @@ -0,0 +1 @@ +$ terraform import cloudflare_custom_hostname.example 1d5fdc9e88c8a8c4518b068cd94331fe/0d89c70d-ad9f-4843-b99f-6cc0252067e9 diff --git a/examples/resources/cloudflare_custom_hostname/resource.tf b/examples/resources/cloudflare_custom_hostname/resource.tf new file mode 100644 index 0000000000..0ed044a2a7 --- /dev/null +++ b/examples/resources/cloudflare_custom_hostname/resource.tf @@ -0,0 +1,7 @@ +resource "cloudflare_custom_hostname" "example" { + zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + hostname = "hostname.example.com" + ssl { + method = "txt" + } +} diff --git a/internal/provider/resource_cloudflare_custom_hostname.go b/internal/provider/resource_cloudflare_custom_hostname.go index d8558aeff5..ef9fd17810 100644 --- a/internal/provider/resource_cloudflare_custom_hostname.go +++ b/internal/provider/resource_cloudflare_custom_hostname.go 
@@ -23,6 +23,7 @@ func resourceCloudflareCustomHostname() *schema.Resource { Importer: &schema.ResourceImporter{ StateContext: resourceCloudflareCustomHostnameImport, }, + Description: "Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource.", } } diff --git a/internal/provider/schema_cloudflare_custom_hostname.go b/internal/provider/schema_cloudflare_custom_hostname.go index 37901169d1..7aad01db45 100644 --- a/internal/provider/schema_cloudflare_custom_hostname.go +++ b/internal/provider/schema_cloudflare_custom_hostname.go @@ -1,6 +1,8 @@ package provider import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) @@ -18,18 +20,22 @@ func resourceCloudflareCustomHostnameSchema() map[string]*schema.Schema { Required: true, ForceNew: true, ValidateFunc: validation.StringLenBetween(0, 255), + Description: "Hostname you intend to request a certificate for.", }, "custom_origin_server": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: "The custom origin server used for certificates.", }, "custom_origin_sni": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: "The [custom origin SNI](https://developers.cloudflare.com/ssl/ssl-for-saas/hostname-specific-behavior/custom-origin) used for certificates.", }, "ssl": { - Type: schema.TypeList, - Optional: true, + Type: schema.TypeList, + Optional: true, + Description: "SSL configuration of the certificate.", Elem: &schema.Resource{ SchemaVersion: 1, Schema: map[string]*schema.Schema{ 
@@ -41,12 +47,14 @@ func resourceCloudflareCustomHostnameSchema() map[string]*schema.Schema { Type: schema.TypeString, Optional: true, ValidateFunc: validation.StringInSlice([]string{"http", "txt", "email"}, false), + Description: fmt.Sprintf("Domain control validation (DCV) method used for this hostname. %s", renderAvailableDocumentationValuesStringSlice([]string{"http", "txt", "email"})), }, "type": { Type: schema.TypeString, Optional: true, Default: "dv", ValidateFunc: validation.StringInSlice([]string{"dv"}, false), + Description: fmt.Sprintf("Level of validation to be used for this hostname. %s", renderAvailableDocumentationValuesStringSlice([]string{"dv"})), }, "certificate_authority": { Type: schema.TypeString, @@ -66,21 +74,25 @@ func resourceCloudflareCustomHostnameSchema() map[string]*schema.Schema { Elem: sslValidationErrorsSchema(), }, "wildcard": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Optional: true, + Description: "Indicates whether the certificate covers a wildcard.", }, "custom_certificate": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: "If a custom uploaded certificate is used.", }, "custom_key": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: "The key for a custom uploaded certificate.", }, "settings": { - Type: schema.TypeList, - Optional: true, - Computed: true, + Type: schema.TypeList, + Optional: true, + Computed: true, + Description: "SSL/TLS settings for the certificate.", Elem: &schema.Resource{ SchemaVersion: 1, Schema: map[string]*schema.Schema{ 
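Review bot: The accepted values for `method` and `type` are now spelled out twice per field, once for `validation.StringInSlice` and once for `renderAvailableDocumentationValuesStringSlice`, so the generated docs can drift from what the validator actually accepts. For the DCV method in particular, a doc that advertises a value the provider rejects (or omits one it accepts) is easy to miss in review. Declaring each list once, e.g. `dcvMethods := []string{"http", "txt", "email"}` before the map literal, and passing it to both calls keeps them in lockstep. The same duplication appears in the `settings` hunk at `@@ -88,16 +100,19 @@` (`http2`, `tls13`, `min_tls_version`, `early_hints`). The enclosing function starts and ends outside this hunk.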
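Review bot: `custom_key` carries the private key of an uploaded certificate, but the entry that gains a description in this hunk shows no `Sensitive: true`, so the key would be printed in plan and apply output. Suggest adding `Sensitive: true,` after `Optional: true,` and saying in the description that the value is still written to state, e.g. `Description: "The key for a custom uploaded certificate. Stored in Terraform state.",`. Separately, the `custom_certificate` description ("If a custom uploaded certificate is used.") reads like a boolean flag although the field is a `schema.TypeString`; it should say what the string holds. The enclosing function continues outside this hunk.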
@@ -88,16 +100,19 @@ func resourceCloudflareCustomHostnameSchema() map[string]*schema.Schema { Type: schema.TypeString, Optional: true, ValidateFunc: validation.StringInSlice([]string{"on", "off"}, false), + Description: fmt.Sprintf("Whether HTTP2 should be supported. %s", renderAvailableDocumentationValuesStringSlice([]string{"on", "off"})), }, "tls13": { Type: schema.TypeString, Optional: true, ValidateFunc: validation.StringInSlice([]string{"on", "off"}, false), + Description: fmt.Sprintf("Whether TLSv1.3 should be supported. %s", renderAvailableDocumentationValuesStringSlice([]string{"on", "off"})), }, "min_tls_version": { Type: schema.TypeString, Optional: true, ValidateFunc: validation.StringInSlice([]string{"1.0", "1.1", "1.2", "1.3"}, false), + Description: fmt.Sprintf("Lowest version of TLS this certificate should support. %s", renderAvailableDocumentationValuesStringSlice([]string{"1.0", "1.1", "1.2", "1.3"})), }, "ciphers": { Type: schema.TypeSet, @@ -105,11 +120,13 @@ func resourceCloudflareCustomHostnameSchema() map[string]*schema.Schema { Elem: &schema.Schema{ Type: schema.TypeString, }, + Description: "List of SSL/TLS ciphers to associate with this certificate.", }, "early_hints": { Type: schema.TypeString, Optional: true, ValidateFunc: validation.StringInSlice([]string{"on", "off"}, false), + Description: fmt.Sprintf("Whether early hints should be supported. %s", renderAvailableDocumentationValuesStringSlice([]string{"on", "off"})), }, }, }, @@ -118,8 +135,9 @@ func resourceCloudflareCustomHostnameSchema() map[string]*schema.Schema { }, }, "status": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Computed: true, + Description: "Status of the certificate.", }, "ownership_verification": { Type: schema.TypeMap, diff --git a/templates/resources/custom_hostname.md b/templates/resources/custom_hostname.md deleted file mode 100644 index 64490947a8..0000000000 --- a/templates/resources/custom_hostname.md +++ /dev/null 
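Review bot: The new `min_tls_version` description lists `1.0` and `1.1` next to `1.2` and `1.3` without telling the reader that the first two are deprecated protocol versions (RFC 8996). Suggest extending the text, e.g. `"Lowest version of TLS this certificate should support. 1.0 and 1.1 are deprecated; prefer 1.2 or higher. %s"`. No `Default` is visible for this field in the hunk, so which version applies when it is omitted cannot be told from here and is worth stating in the description as well. The enclosing schema function starts and ends outside this hunk.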
@@ -1,74 +0,0 @@ ---- -layout: "cloudflare" -page_title: "Cloudflare: cloudflare_custom_hostname" -description: Provides a Cloudflare custom hostname resource. ---- - -# cloudflare_custom_hostname - -Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource. - -## Example Usage - -```hcl -resource "cloudflare_custom_hostname" "example_hostname" { - zone_id = "d41d8cd98f00b204e9800998ecf8427e" - hostname = "hostname.example.com" - ssl { - method = "txt" - } -} -``` - -## Argument Reference - -The following arguments are supported: - -- `zone_id` - (Required) The DNS zone ID where the custom hostname should be assigned. -- `hostname` - (Required) Hostname you intend to request a certificate for. -- `custom_origin_server` - (Optional) The custom origin server used for certificates. -- `custom_origin_sni` - (Optional) The [custom origin SNI](https://developers.cloudflare.com/ssl/ssl-for-saas/hostname-specific-behavior/custom-origin) used for certificates. -- `ssl` - (Required) SSL configuration of the certificate. See further notes below. - -**ssl** block supports: - -- `method` - (Required) Domain control validation (DCV) method used for this - hostname. Valid values are `"txt"`, `"http"` and `"email"`. -- `type` - (Required) Level of validation to be used for this hostname. Domain validation ("dv") must be used. -- `wildcard` - (Required) Indicates whether the certificate covers a wildcard. -- `custom_certificate` - (Optional) If a custom uploaded certificate is used. -- `custom_key` - (Optional) The key for a custom uploaded certificate. -- `settings` - (Required) SSL/TLS settings for the certificate. See further notes below. - -**settings** block supports: - -- `http2` - (Optional) Whether or not HTTP2 should be supported. Valid values are `"on"` or `"off"`. -- `tls13` - (Optional) Whether or not TLSv1.3 should be supported. Valid values are `"on"` or `"off"`. 
-- `min_tls_version` - (Optional) Lowest version of TLS this certificate should - support. Valid values are `"1.0"`, `"1.1"`, `"1.2"` and `"1.3"`. -- `ciphers` - (Optional) List of SSL/TLS ciphers to associate with this certificate. -- `early_hints` - (Optional) Whether or not early hints should be supported. Valid values are `"on"` or `"off"`. - -## Attributes Reference - -The following attributes are exported: - -- `ownership_verification.type` - Cloudflare Custom Hostname verification method used - for the hostname. -- `ownership_verification.value` - Domain control validation value for - confirming ownership. Example, "\_cf-custom-hostname.example.com` -- `ownership_verification.name` - Cloudflare Custom Hostname verification name - confirming ownership. Example, "03f28e11-fa64-4966-bb1e-dd2423e16f36"` -- `ownership_verification_http.http_url` - Cloudflare Custom Hostname verification URL for - confirming ownership. Example, `http://hostname.example.com/.well-known/cf-custom-hostname-challenge/643395f9-de80-42f5-a2a0-e03ff60cf2a7` -- `ownership_verification_http.http_body` - Cloudflare Custom Hostname verification body for - confirming ownership. Example, `03f28e11-fa64-4966-bb1e-dd2423e16f36` - -## Import - -Custom hostname certificates can be imported using a composite ID formed of the zone ID and [hostname ID](https://api.cloudflare.com/#custom-hostname-for-a-zone-properties), -separated by a "/" e.g. - -``` -$ terraform import cloudflare_custom_hostname.example d41d8cd98f00b204e9800998ecf8427e/0d89c70d-ad9f-4843-b99f-6cc0252067e9 -``` From a21a92d0d99a4403c5d30c9b16859d2b74e9d79c Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Mon, 18 Jul 2022 10:34:02 +1000 Subject: [PATCH 5/6] utils: add renderAvailableDocumentationValuesIntSlice --- internal/provider/utils.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/internal/provider/utils.go b/internal/provider/utils.go index 740fe27cb1..10b26cc75a 100644 
--- a/internal/provider/utils.go +++ b/internal/provider/utils.go @@ -239,7 +239,7 @@ func getRawValue(key string, value cty.Value) cty.Value { // renderAvailableDocumentationValuesStringSlice takes a slice of strings and // formats it for documentation output use. // -// Example: ["foo", "bar", "baz"] -> `"foo"`, `"bar"`, `"baz"`. +// Example: ["foo", "bar", "baz"] -> `foo`, `bar`, `baz`. func renderAvailableDocumentationValuesStringSlice(s []string) string { output := "" if s != nil && len(s) > 0 { @@ -251,3 +251,19 @@ func renderAvailableDocumentationValuesStringSlice(s []string) string { } return output } + +// renderAvailableDocumentationValuesIntSlice takes a slice of ints and +// formats it for documentation output use. +// +// Example: [1, 2, 3] -> `1`, `2`, `3`. +func renderAvailableDocumentationValuesIntSlice(s []int) string { + output := "" + if s != nil && len(s) > 0 { + values := make([]string, len(s)) + for i, c := range s { + values[i] = fmt.Sprintf("`%d`", c) + } + output = fmt.Sprintf("Available values: %s", strings.Join(values, ", ")) + } + return output +} From 140bb72db6a2399a446a18b872afb6a59cd0312d Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Mon, 18 Jul 2022 10:36:38 +1000 Subject: [PATCH 6/6] fix zoneID usage --- docs/resources/certificate_pack.md | 4 ++-- docs/resources/custom_hostname.md | 2 +- examples/resources/cloudflare_certificate_pack/resource.tf | 4 ++-- examples/resources/cloudflare_custom_hostname/resource.tf | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/resources/certificate_pack.md b/docs/resources/certificate_pack.md index 0d600af6c1..a5ac671a7c 100644 --- a/docs/resources/certificate_pack.md +++ b/docs/resources/certificate_pack.md 
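Review bot: In the added `renderAvailableDocumentationValuesIntSlice` the guard `s != nil && len(s) > 0` is redundant, because `len` of a nil slice is 0; `if len(s) > 0 {` is sufficient and is what staticcheck suggests. A guard clause would also drop the `output` temporary: `if len(s) == 0 { return "" }` followed by a direct `return fmt.Sprintf("Available values: %s", strings.Join(values, ", "))`. The context lines show the same condition in `renderAvailableDocumentationValuesStringSlice`, whose body is only partly inside this hunk, so both helpers could be tidied together.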
@@ -23,7 +23,7 @@ you've confirmed the certificate is available. ```terraform # Advanced certificate manager for DigiCert resource "cloudflare_certificate_pack" "example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + zone_id = "0da42c8d2132a9ddaf714f9e7c920711" type = "advanced" hosts = ["example.com", "sub.example.com"] validation_method = "txt" @@ -34,7 +34,7 @@ resource "cloudflare_certificate_pack" "example" { # Advanced certificate manager for Let's Encrypt resource "cloudflare_certificate_pack" "example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + zone_id = "0da42c8d2132a9ddaf714f9e7c920711" type = "advanced" hosts = ["example.com", "*.example.com"] validation_method = "http" diff --git a/docs/resources/custom_hostname.md b/docs/resources/custom_hostname.md index 354576fa41..8ab37d694d 100644 --- a/docs/resources/custom_hostname.md +++ b/docs/resources/custom_hostname.md @@ -13,7 +13,7 @@ Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource. ```terraform resource "cloudflare_custom_hostname" "example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + zone_id = "0da42c8d2132a9ddaf714f9e7c920711" hostname = "hostname.example.com" ssl { method = "txt" diff --git a/examples/resources/cloudflare_certificate_pack/resource.tf b/examples/resources/cloudflare_certificate_pack/resource.tf index 0f1a297fc0..c715fdf745 100644 --- a/examples/resources/cloudflare_certificate_pack/resource.tf +++ b/examples/resources/cloudflare_certificate_pack/resource.tf @@ -1,6 +1,6 @@ # Advanced certificate manager for DigiCert resource "cloudflare_certificate_pack" "example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + zone_id = "0da42c8d2132a9ddaf714f9e7c920711" type = "advanced" hosts = ["example.com", "sub.example.com"] validation_method = "txt" 
@@ -11,7 +11,7 @@ resource "cloudflare_certificate_pack" "example" { # Advanced certificate manager for Let's Encrypt resource "cloudflare_certificate_pack" "example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + zone_id = "0da42c8d2132a9ddaf714f9e7c920711" type = "advanced" hosts = ["example.com", "*.example.com"] validation_method = "http" diff --git a/examples/resources/cloudflare_custom_hostname/resource.tf b/examples/resources/cloudflare_custom_hostname/resource.tf index 0ed044a2a7..93970175c8 100644 --- a/examples/resources/cloudflare_custom_hostname/resource.tf +++ b/examples/resources/cloudflare_custom_hostname/resource.tf @@ -1,5 +1,5 @@ resource "cloudflare_custom_hostname" "example" { - zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe" + zone_id = "0da42c8d2132a9ddaf714f9e7c920711" hostname = "hostname.example.com" ssl { method = "txt"