cloudflare · jacobbednarz · Jul 19, 2022 · Jul 13, 2022 · Jul 18, 2022 · Jul 18, 2022
@@ -0,0 +1,11 @@
+```release-note:note
+resource/cloudflare_certificate_pack: remove references to long-deprecated dedicated certs (replaced by `advanced`)
+```
+
+```release-note:enhancement
+resource/cloudflare_certificate_pack: update the list of allowed certificate authorities
+```
+
+```release-note:enhancement
+resource/cloudflare_certificate_pack: fix some of the custom hostname docs copy
+```
@@ -1,15 +1,15 @@
 ---
-layout: "cloudflare"
-page_title: "Cloudflare: cloudflare_certificate_pack"
-description: Provides a Cloudflare Certificate Pack resource.
+page_title: "cloudflare_certificate_pack Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates.
 ---
 
-# cloudflare_certificate_pack
+# cloudflare_certificate_pack (Resource)
 
-Provides a Cloudflare Certificate Pack resource that is used to provision
-managed TLS certificates.
+Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates.
 
-~> **Important:** Certificate packs are not able to be updated in place and if
+~> Certificate packs are not able to be updated in place and if
 you require a zero downtime rotation, you need to use Terraform's meta-arguments
 for [`lifecycle`](https://www.terraform.io/docs/configuration/resources.html#lifecycle-lifecycle-customizations) blocks.
 `create_before_destroy` should be suffice for most scenarios (exceptions are
@@ -20,16 +20,10 @@ you've confirmed the certificate is available.
 
 ## Example Usage
 
-```hcl
-resource "cloudflare_certificate_pack" "dedicated_custom_example" {
-  zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
-  type    = "dedicated_custom"
-  hosts   = ["example.com", "sub.example.com"]
-}
-
+```terraform
 # Advanced certificate manager for DigiCert
-resource "cloudflare_certificate_pack" "advanced_example_for_digicert" {
-  zone_id               = "1d5fdc9e88c8a8c4518b068cd94331fe"
+resource "cloudflare_certificate_pack" "example" {
+  zone_id               = "0da42c8d2132a9ddaf714f9e7c920711"
   type                  = "advanced"
   hosts                 = ["example.com", "sub.example.com"]
   validation_method     = "txt"
@@ -39,48 +33,69 @@ resource "cloudflare_certificate_pack" "advanced_example_for_digicert" {
 }
 
 # Advanced certificate manager for Let's Encrypt
-resource "cloudflare_certificate_pack" "advanced_example_for_lets_encrypt" {
-  zone_id               = "1d5fdc9e88c8a8c4518b068cd94331fe"
-  type                  = "advanced"
-  hosts                 = ["example.com", "*.example.com"]
-  validation_method     = "http"
-  validity_days         = 90
-  certificate_authority = "lets_encrypt"
-  cloudflare_branding   = false
+resource "cloudflare_certificate_pack" "example" {
+  zone_id                = "0da42c8d2132a9ddaf714f9e7c920711"
+  type                   = "advanced"
+  hosts                  = ["example.com", "*.example.com"]
+  validation_method      = "http"
+  validity_days          = 90
+  certificate_authority  = "lets_encrypt"
+  cloudflare_branding    = false
   wait_for_active_status = true
 }
 ```
 
-## Argument Reference
-
-The following arguments are supported:
-
-- `zone_id` - (Required) The DNS zone to which the certificate pack should be added.
-- `type` - (Required) Certificate pack configuration type.
-  Allowed values: `"custom"`, `"dedicated_custom"`, `"advanced"`.
-- `hosts` - (Required) List of hostnames to provision the certificate pack for.
-  The zone name must be included as a host. Note: If using Let's Encrypt, you
-  cannot use individual subdomains and only a wildcard for subdomain is available.
-- `validation_method` - (Optional based on `type`) Which validation method to
-  use in order to prove domain ownership. Allowed values: `"txt"`, `"http"`, `"email"`.
-- `validity_days` - (Optional based on `type`) How long the certificate is valid
-  for. Note: If using Let's Encrypt, this value can only be 90 days.
-  Allowed values: 14, 30, 90, 365.
-- `certificate_authority` - (Optional based on `type`) Which certificate
-  authority to issue the certificate pack. Allowed values: `"digicert"`,
-  `"lets_encrypt"`.
-- `cloudflare_branding` - (Optional based on `type`) Whether or not to include
-  Cloudflare branding. This will add `sni.cloudflaressl.com` as the Common Name
-  if set to `true`.
-- `wait_for_active_status` - (Optional) Whether or not to wait for a certificate
-  pack to reach status `active` during creation. Defaults to `false`.
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `certificate_authority` (String) Which certificate authority to issue the certificate pack. Available values: `digicert`, `lets_encrypt`, `google`.
+- `hosts` (Set of String) List of hostnames to provision the certificate pack for. The zone name must be included as a host. Note: If using Let's Encrypt, you cannot use individual subdomains and only a wildcard for subdomain is available.
+- `type` (String) Certificate pack configuration type. Available values: `advanced`.
+- `validation_method` (String) Which validation method to use in order to prove domain ownership. Available values: `txt`, `http`, `email`.
+- `validity_days` (Number) How long the certificate is valid for. Note: If using Let's Encrypt, this value can only be 90 days. Available values: `14`, `30`, `90`, `365`.
+- `zone_id` (String) The zone identifier to target for the resource.
+
+### Optional
+
+- `cloudflare_branding` (Boolean) Whether or not to include Cloudflare branding. This will add `sni.cloudflaressl.com` as the Common Name if set to `true`.
+- `validation_records` (Block List) (see [below for nested schema](#nestedblock--validation_records))
+- `wait_for_active_status` (Boolean) Whether or not to wait for a certificate pack to reach status `active` during creation. Defaults to `false`.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `validation_errors` (Block List) (see [below for nested schema](#nestedblock--validation_errors))
+
+<a id="nestedblock--validation_records"></a>
+### Nested Schema for `validation_records`
+
+Optional:
+
+- `cname_name` (String)
+- `cname_target` (String)
+- `emails` (List of String)
+- `http_body` (String)
+- `http_url` (String)
+- `txt_name` (String)
+- `txt_value` (String)
+
+
+<a id="nestedblock--validation_errors"></a>
+### Nested Schema for `validation_errors`
+
+Read-Only:
+
+- `message` (String)
 
 ## Import
 
-Certificate packs can be imported using a composite ID of the zone ID and
-certificate pack ID. This isn't recommended and it is advised to replace the
-certificate entirely instead.
+Import is supported using the following syntax:
 
+```shell
+$ terraform import cloudflare_certificate_pack.example 1d5fdc9e88c8a8c4518b068cd94331fe/8fda82e2-6af9-4eb2-992a-5ab65b792ef1
 ```
-$ terraform import cloudflare_certificate_pack.example cb029e245cfdd66dc8d2e570d5dd3322/8fda82e2-6af9-4eb2-992a-5ab65b792ef1
-```
+
+While supported, importing isn't recommended and it is advised to replace the
+certificate entirely instead.
@@ -1,74 +1,101 @@
 ---
-layout: "cloudflare"
-page_title: "Cloudflare: cloudflare_custom_hostname"
-description: Provides a Cloudflare custom hostname resource.
+page_title: "cloudflare_custom_hostname Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource.
 ---
 
-# cloudflare_custom_hostname
+# cloudflare_custom_hostname (Resource)
 
 Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource.
 
 ## Example Usage
 
-```hcl
-resource "cloudflare_custom_hostname" "example_hostname" {
-  zone_id  = "d41d8cd98f00b204e9800998ecf8427e"
+```terraform
+resource "cloudflare_custom_hostname" "example" {
+  zone_id  = "0da42c8d2132a9ddaf714f9e7c920711"
   hostname = "hostname.example.com"
   ssl {
     method = "txt"
   }
 }
 ```
+<!-- schema generated by tfplugindocs -->
+## Schema
 
-## Argument Reference
+### Required
 
-The following arguments are supported:
+- `hostname` (String) Hostname you intend to request a certificate for.
+- `zone_id` (String) The zone identifier to target for the resource.
 
-- `zone_id` - (Required) The DNS zone ID where the custom hostname should be assigned.
-- `hostname` - (Required) Hostname you intend to request a certificate for.
-- `custom_origin_server` - (Optional) The custom origin server used for certificates.
-- `custom_origin_sni` - (Optional) The [custom origin SNI](https://developers.cloudflare.com/ssl/ssl-for-saas/hostname-specific-behavior/custom-origin) used for certificates.
-- `ssl` - (Required) SSL configuration of the certificate. See further notes below.
+### Optional
 
-**ssl** block supports:
+- `custom_origin_server` (String) The custom origin server used for certificates.
+- `custom_origin_sni` (String) The [custom origin SNI](https://developers.cloudflare.com/ssl/ssl-for-saas/hostname-specific-behavior/custom-origin) used for certificates.
+- `ssl` (Block List) SSL configuration of the certificate. (see [below for nested schema](#nestedblock--ssl))
 
-- `method` - (Required) Domain control validation (DCV) method used for this
-  hostname. Valid values are `"txt"`, `"http"` and `"email"`.
-- `type` - (Required) Level of validation to be used for this hostname. Domain validation ("dv") must be used.
-- `wildcard` - (Required) Indicates whether the certificate covers a wildcard.
-- `custom_certificate` - (Optional) If a custom uploaded certificate is used.
-- `custom_key` - (Optional) The key for a custom uploaded certificate.
-- `settings` - (Required) SSL/TLS settings for the certificate. See further notes below.
+### Read-Only
 
-**settings** block supports:
+- `id` (String) The ID of this resource.
+- `ownership_verification` (Map of String)
+- `ownership_verification_http` (Map of String)
+- `status` (String) Status of the certificate.
 
-- `http2` - (Optional) Whether or not HTTP2 should be supported. Valid values are `"on"` or `"off"`.
-- `tls13` - (Optional) Whether or not TLSv1.3 should be supported. Valid values are `"on"` or `"off"`.
-- `min_tls_version` - (Optional) Lowest version of TLS this certificate should
-  support. Valid values are `"1.0"`, `"1.1"`, `"1.2"` and `"1.3"`.
-- `ciphers` - (Optional) List of SSL/TLS ciphers to associate with this certificate.
-- `early_hints` - (Optional) Whether or not early hints should be supported. Valid values are `"on"` or `"off"`.
+<a id="nestedblock--ssl"></a>
+### Nested Schema for `ssl`
 
-## Attributes Reference
+Optional:
 
-The following attributes are exported:
+- `certificate_authority` (String)
+- `custom_certificate` (String) If a custom uploaded certificate is used.
+- `custom_key` (String) The key for a custom uploaded certificate.
+- `method` (String) Domain control validation (DCV) method used for this hostname. Available values: `http`, `txt`, `email`.
+- `settings` (Block List) SSL/TLS settings for the certificate. (see [below for nested schema](#nestedblock--ssl--settings))
+- `type` (String) Level of validation to be used for this hostname. Available values: `dv`. Defaults to `dv`.
+- `wildcard` (Boolean) Indicates whether the certificate covers a wildcard.
 
-- `ownership_verification.type` - Domain control validation (DCV) method used
-  for the hostname.
-- `ownership_verification.value` - Domain control validation (DCV) value for
-  confirming ownership. Example, "\_cf-custom-hostname.example.com`
-- `ownership_verification.name` - Domain control validation (DCV) name
-  confirming ownership. Example, "03f28e11-fa64-4966-bb1e-dd2423e16f36"`
-- `ownership_verification_http.http_url` - Domain control validation (DCV) URL for
-  confirming ownership. Example, `http://hostname.example.com/.well-known/cf-custom-hostname-challenge/643395f9-de80-42f5-a2a0-e03ff60cf2a7`
-- `ownership_verification_http.http_body` - Domain control validation (DCV) body for
-  confirming ownership. Example, `03f28e11-fa64-4966-bb1e-dd2423e16f36`
+Read-Only:
 
-## Import
+- `status` (String)
+- `validation_errors` (List of Object) (see [below for nested schema](#nestedatt--ssl--validation_errors))
+- `validation_records` (List of Object) (see [below for nested schema](#nestedatt--ssl--validation_records))
 
-Custom hostname certificates can be imported using a composite ID formed of the zone ID and [hostname ID](https://api.cloudflare.com/#custom-hostname-for-a-zone-properties),
-separated by a "/" e.g.
+<a id="nestedblock--ssl--settings"></a>
+### Nested Schema for `ssl.settings`
 
-```
-$ terraform import cloudflare_custom_hostname.example d41d8cd98f00b204e9800998ecf8427e/0d89c70d-ad9f-4843-b99f-6cc0252067e9
+Optional:
+
+- `ciphers` (Set of String) List of SSL/TLS ciphers to associate with this certificate.
+- `early_hints` (String) Whether early hints should be supported. Available values: `on`, `off`.
+- `http2` (String) Whether HTTP2 should be supported. Available values: `on`, `off`.
+- `min_tls_version` (String) Lowest version of TLS this certificate should support. Available values: `1.0`, `1.1`, `1.2`, `1.3`.
+- `tls13` (String) Whether TLSv1.3 should be supported. Available values: `on`, `off`.
+
+
+<a id="nestedatt--ssl--validation_errors"></a>
+### Nested Schema for `ssl.validation_errors`
+
+Read-Only:
+
+- `message` (String)
+
+
+<a id="nestedatt--ssl--validation_records"></a>
+### Nested Schema for `ssl.validation_records`
+
+Read-Only:
+
+- `cname_name` (String)
+- `cname_target` (String)
+- `emails` (List of String)
+- `http_body` (String)
+- `http_url` (String)
+- `txt_name` (String)
+- `txt_value` (String)
+
+## Import
+
+Import is supported using the following syntax:
+```shell
+$ terraform import cloudflare_custom_hostname.example 1d5fdc9e88c8a8c4518b068cd94331fe/0d89c70d-ad9f-4843-b99f-6cc0252067e9
 ```
@@ -0,0 +1 @@
+$ terraform import cloudflare_certificate_pack.example 1d5fdc9e88c8a8c4518b068cd94331fe/8fda82e2-6af9-4eb2-992a-5ab65b792ef1
@@ -0,0 +1,22 @@
+# Advanced certificate manager for DigiCert
+resource "cloudflare_certificate_pack" "example" {
+  zone_id               = "0da42c8d2132a9ddaf714f9e7c920711"
+  type                  = "advanced"
+  hosts                 = ["example.com", "sub.example.com"]
+  validation_method     = "txt"
+  validity_days         = 30
+  certificate_authority = "digicert"
+  cloudflare_branding   = false
+}
+
+# Advanced certificate manager for Let's Encrypt
+resource "cloudflare_certificate_pack" "example" {
+  zone_id                = "0da42c8d2132a9ddaf714f9e7c920711"
+  type                   = "advanced"
+  hosts                  = ["example.com", "*.example.com"]
+  validation_method      = "http"
+  validity_days          = 90
+  certificate_authority  = "lets_encrypt"
+  cloudflare_branding    = false
+  wait_for_active_status = true
+}
@@ -0,0 +1 @@
+$ terraform import cloudflare_custom_hostname.example 1d5fdc9e88c8a8c4518b068cd94331fe/0d89c70d-ad9f-4843-b99f-6cc0252067e9
@@ -0,0 +1,7 @@
+resource "cloudflare_custom_hostname" "example" {
+  zone_id  = "0da42c8d2132a9ddaf714f9e7c920711"
+  hostname = "hostname.example.com"
+  ssl {
+    method = "txt"
+  }
+}
@@ -24,6 +24,7 @@ func resourceCloudflareCertificatePack() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			StateContext: resourceCloudflareCertificatePackImport,
 		},
+		Description: "Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates.",
 	}
 }
 

@@ -144,27 +144,30 @@ func TestAccCertificatePack_DedicatedCustom(t *testing.T) {
 		ProviderFactories: providerFactories,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCertificatePackDedicatedCustomConfig(zoneID, domain, "dedicated_custom", rnd),
+				Config: testAccCertificatePackAdvancedConfig(zoneID, domain, rnd),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(name, "zone_id", zoneID),
-					resource.TestCheckResourceAttr(name, "type", "dedicated_custom"),
+					resource.TestCheckResourceAttr(name, "type", "advanced"),
 					resource.TestCheckResourceAttr(name, "hosts.#", "2"),
 				),
 			},
 		},
 	})
 }
 
-func testAccCertificatePackDedicatedCustomConfig(zoneID, domain, certType, rnd string) string {
+func testAccCertificatePackAdvancedConfig(zoneID, domain, rnd string) string {
 	return fmt.Sprintf(`
 resource "cloudflare_certificate_pack" "%[3]s" {
+  validity_days = 90,
+  certificate_authority = "lets_encrypt",
+  validation_method = "txt"
   zone_id = "%[1]s"
-  type = "%[4]s"
+  type = "advanced"
   hosts = [
     "%[3]s.%[2]s",
     "%[2]s"
   ]
-}`, zoneID, domain, rnd, certType)
+}`, zoneID, domain, rnd)
 }
 
 func TestAccCertificatePack_WaitForActive(t *testing.T) {

@@ -23,6 +23,7 @@ func resourceCloudflareCustomHostname() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			StateContext: resourceCloudflareCustomHostnameImport,
 		},
+		Description: "Provides a Cloudflare custom hostname (also known as SSL for SaaS) resource.",
 	}
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		$ terraform import cloudflare_certificate_pack.example 1d5fdc9e88c8a8c4518b068cd94331fe/8fda82e2-6af9-4eb2-992a-5ab65b792ef1
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		$ terraform import cloudflare_custom_hostname.example 1d5fdc9e88c8a8c4518b068cd94331fe/0d89c70d-ad9f-4843-b99f-6cc0252067e9
-Original file line number
+Diff line change
@@ Expand Up / @@ -24,6 +24,7 @@ func resourceCloudflareCertificatePack() *schema.Resource { @@
     		Importer: &schema.ResourceImporter{
     			StateContext: resourceCloudflareCertificatePackImport,
     		},
+    		Description: "Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates.",
     	}
     }
@@ Expand Down @@