FEATURES:
- New Resource:
cloudflare_regional_hostname
(#2396) - New Resource:
cloudflare_turnstile_widget
(#2380)
ENHANCEMENTS:
- resource/cloudflare_device_posture_rule: Add support for
sentinelone
type. (#2279) - resource/cloudflare_logpush_job: Fix schema for logpush job
dataset
field (#2397) - resource/cloudflare_logpush_job: add max upload parameters (#2394)
- resource/cloudflare_logpush_job: add support for
device_posture_results
andzero_trust_network_sessions
. (#2405) - resource/cloudflare_notification_policy: Added support for setting Megabits per second threshold for dos alert in Cloudflare notification policy resource. (#2404)
- resource/cloudflare_pages_project: added secrets to Pages project. Secrets are encrypted environment variables, ideal for secrets such as API tokens. See documentation here: https://developers.cloudflare.com/pages/platform/functions/bindings/#secrets (#2399)
- resource/cloudflare_ruleset: add support for the
compress_response
action (#2372) - resource/cloudflare_ruleset: add support for the
http_response_compression
phase (#2372)
BUG FIXES:
- resource/cloudflare_load_balancer: fixes random_steering being unset on value updates (#2403)
- resource/cloudflare_pages_project: fixes pages project acceptance test (#2402)
- resource/cloudflare_ruleset: ensure custom cache keys using query parameters are defined as known values for state handling (#2388)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.65.0 to 0.66.0 (#2398)
- provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.9.0 to 0.10.0 (#2395)
NOTES:
- resource/cloudflare_ruleset: introduced future deprecation warning for the
http_request_sbfm
phase. (#2382)
ENHANCEMENTS:
- resource/cloudflare_access_organization: Add auto_redirect_to_identity flag (#2356)
- resource/cloudflare_access_policy: Add isolation_required flag (#2351)
- resource/cloudflare_tunnel: Adds config_src parameter (#2369)
- resource/cloudflare_worker_script: Add
logpush
attribute (#2375)
INTERNAL:
- scripts/generate-changelog-entry: make error message match the executable we are expecting (#2357)
DEPENDENCIES:
- provider: bumps dependabot/fetch-metadata from 1.3.6 to 1.4.0 (#2383)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.64.0 to 0.65.0 (#2370)
- provider: bumps golang.org/x/net from 0.8.0 to 0.9.0 (#2359)
- provider: bumps peter-evans/create-or-update-comment from 2 to 3 (#2355)
NOTES:
- adds support for a basic
flox
environment project (#2345)
FEATURES:
ENHANCEMENTS:
- resource/cloudflare_access_group: Add example of usage of Azure (#2332)
- resource/cloudflare_access_identity_provider: add
claims
andscopes
fields (#2313) - resource/cloudflare_access_identity_provider: add ability for users to enable SCIM provisioning on their Identity Providers (#2147)
- resource/cloudflare_device_posture_integration: add support for managing
kolide
third party posture provider. (#2321) - resource/cloudflare_device_settings_policy: use new
cloudflare.ServiceMode
type (#2331) - resource/cloudflare_ruleset: enforce schema validation of conflicting cache key parameters (#2326)
- resource/cloudflare_teams_rules: updated gateway rule action audit ssh and rule settings (#2303)
- resource/cloudflare_worker_script: Add
compatibility_flags
attribute (#2324) - resources/device_settings_policy: add validation for possible
service_mode_v2_mode
values (#2331)
BUG FIXES:
- datasource/cloudflare_devices: Fix cloudflare_devices data source to return devices correctly and not error (#2348)
- resource/cloudflare_custom_ssl: fix json sent to API when geo_restrictions are not used (#2319)
DEPENDENCIES:
- provider: bumps actions/stale from 7 to 8 (#2322)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.63.0 to 0.64.0 (#2344)
- provider: bumps github.com/hashicorp/terraform-plugin-go from 0.14.3 to 0.15.0 (#2333)
- provider: bumps github.com/hashicorp/terraform-plugin-testing from 1.1.0 to 1.2.0 (#2320)
BREAKING CHANGES:
- resource/cloudflare_ruleset:
status
has been removed in favour ofenabled
now that the workaround for zero values is no longer required (#2271)
NOTES:
cloudflare_ruleset
has been migrated to theterraform-plugin-framework
in doing so addresses issues with the internal representation of zero values. A downside to this is that to get the full benefits, you will need to remove the resource from your Terraform state (terraform state rm ...
) and then import the resource back into your state. Along with this, you will need to update any references tostatus
which was the previous workaround for theenabled
values. If you havestatus = "enabled"
you will need to replace it withenabled = true
and similar forstatus = "disabled"
to be replaced withenabled = false
. (#2271)
FEATURES:
- New Data Source:
cloudflare_list
(#2296) - New Data Source:
cloudflare_lists
(#2296) - New Resource:
cloudflare_address_map
(#2290) - New Resource:
cloudflare_list_item
(#2304)
ENHANCEMENTS:
- resource/access_organization: add ui_read_only_toggle_reason field (#2175)
- resource/cloudflare_device_posture_rule: Support
check_disks
in theinput
block schema. (#2280) - resource/cloudflare_notification_policy_webhooks: ensure
url
triggers recreation, not in-place updates (#2302) - resource/cloudflare_tunnel: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#2281)
- resource/cloudflare_tunnel_config: add support for import of
cloudflare_tunnel_config
(#2298) - resource/cloudflare_tunnel_config: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#2281)
- resource/cloudflare_tunnel_route: rename references of cloudflare_argo_tunnel to cloudflare_tunnel in documentation (#2281)
- resource/cloudflare_worker_script: Add
compatibility_date
attribute (#2300)
BUG FIXES:
- resource/cloudflare_ruleset: support cache rules for status range >= and =< operations (#2307)
- resource/cloudflare_teams_account: fixes an issue where accounts that had never configured DLP payload logging would error upon reading this resource (#2284)
INTERNAL:
- resource/cloudflare_ruleset: migrate from SDKv2 to
terraform-plugin-framework
(#2271) - test: swap SDKv2 testing harness to github.com/hashicorp/terraform-plugin-testing (#2272)
DEPENDENCIES:
- provider: bumps actions/setup-go from 3 to 4 (#2291)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.62.0 to 0.63.0 (#2289)
- provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.1.1 to 1.2.0 (#2314)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.25.1-0.20230317190757-53a4ec42ea7e to 2.26.0 (#2308)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.0 to 2.26.1 (#2315)
ENHANCEMENTS:
- resource/cloudflare_cloudflare_teams_rules: Add untrusted_cert setting to teams rules settings (#2256)
- resource/cloudflare_teams_account: Add support for DLP payload logging public key (#2267)
- resource/cloudflare_teams_rule: Add support for enabling DLP payload logging per-rule (#2267)
- resource/cloudflare_waiting_room: add 'ru-RU' and 'fa-IR' to default_template_language field (#2262)
BUG FIXES:
- resource/cloudflare_access_group: fixes an issue where Azure group rules with different identity provider ids would override each other (#2270)
- resource/cloudflare_notification_policy: ensure all emails are saved if multiple
email_integration
values specified (#2248)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.61.0 to 0.62.0 (#2268)
- provider: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2 (#2263)
- provider: bumps golang.org/x/net from 0.7.0 to 0.8.0 (#2274)
Warning Prior to upgrading you should ensure you have adequate backups in the event you need to rollback to version 3. This is a major version bump and involves backwards incompatible changes.
BREAKING CHANGES:
- datasource/cloudflare_waf_groups: removed in favour of
cloudflare_rulesets
(#2138) - datasource/cloudflare_waf_packages: removed in favour of
cloudflare_rulesets
(#2138) - datasource/cloudflare_waf_rules: removed in favour of
cloudflare_rulesets
(#2138) - provider:
account_id
is no longer available as a global configuration option. Instead, use the resource specific attributes. (#2139) - resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on
cloudflare_access_application
(#2136) - resource/cloudflare_access_rule: require explicit
zone_id
oraccount_id
and remove implicit fallback to user level rules (#2157) - resource/cloudflare_account_member:
account_id
is now required (#2153) - resource/cloudflare_account_member: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_argo_tunnel: resource has been renamed to
cloudflare_tunnel
(#2135) - resource/cloudflare_ip_list: removed in favour of
cloudflare_list
(#2137) - resource/cloudflare_load_balancer: Migrate session_affinity_attributes from TypeMap to TypeSet (#1959)
- resource/cloudflare_load_balancer:
session_affinity_attributes.drain_duration
is nowTypeInt
instead ofTypeString
(#1959) - resource/cloudflare_load_balancer_monitor:
account_id
is now required (#2153) - resource/cloudflare_load_balancer_monitor: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_load_balancer_pool:
account_id
is now required (#2153) - resource/cloudflare_load_balancer_pool: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_spectrum_application:
edge_ip_connectivity
is now nested underedge_ips
asconnectivity
(#2219) - resource/cloudflare_spectrum_application:
edge_ips.type
is now a required field (#2219) - resource/cloudflare_spectrum_application:
edge_ips
now contains nested attributes other than IP ranges.type
andconnectivity
have been added.edge_ips.ips
contains the static IP addresses that used to reside atedge_ips
. (#2219) - resource/cloudflare_waf_group: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_override: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_package: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_rule: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_workers_kv:
account_id
is now required (#2153) - resource/cloudflare_workers_kv: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_workers_kv_namespace:
account_id
is now required (#2153) - resource/cloudflare_workers_kv_namespace: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_workers_script:
account_id
is now required (#2153) - resource/cloudflare_workers_script: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_zone:
account_id
is now required (#2153) - resource/cloudflare_zone: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154)
FEATURES:
- New Data Source:
cloudflare_rulesets
(#2220)
ENHANCEMENTS:
- resource/cloudflare_argo_tunnel: mark
tunnel_token
as sensitive (#2231) - resource/cloudflare_device_settings_policy: Add new flag MS IP Exclusion for device policies (#2236)
- resource/cloudflare_dlp_profile: Add new
allowed_match_count
field to profiles (#2210)
BUG FIXES:
- resource/cloudflare_logpush_job: fixing typo in comment (#2238)
- resource/cloudflare_record: always send tags object which allows removal of unwanted tags (#2205)
- resource/cloudflare_tunnel_config: use correct notation for nested lists (#2235)
INTERNAL:
- internal: bump Go version to 1.20 (#2243)
DEPENDENCIES:
- provider: bump golang.org/x/net to v0.7.0 (#2245)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.60.0 to 0.61.0 (#2240)
- provider: bumps github.com/hashicorp/terraform-plugin-framework-validators from 0.9.0 to 0.10.0 (#2227)
- provider: bumps github.com/hashicorp/terraform-plugin-mux from 0.8.0 to 0.9.0 (#2228)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.24.1 to 2.25.0 (#2239)
- provider: bumps golang.org/x/net from 0.6.0 to 0.7.0 (#2241)
BREAKING CHANGES:
- datasource/cloudflare_waf_groups: removed with no current replacement (#2138)
- datasource/cloudflare_waf_packages: removed with no current replacement (#2138)
- datasource/cloudflare_waf_rules: removed with no current replacement (#2138)
- provider:
account_id
is no longer available as a global configuration option. Instead, use the resource specific attributes. (#2139) - resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on
cloudflare_access_application
(#2136) - resource/cloudflare_access_rule: require explicit
zone_id
oraccount_id
and remove implicit fallback to user level rules (#2157) - resource/cloudflare_account_member:
account_id
is now required (#2153) - resource/cloudflare_account_member: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_argo_tunnel: resource has been renamed to
cloudflare_tunnel
(#2135) - resource/cloudflare_ip_list: removed in favour of
cloudflare_list
(#2137) - resource/cloudflare_load_balancer: Migrate session_affinity_attributes from TypeMap to TypeSet (#1959)
- resource/cloudflare_load_balancer:
session_affinity_attributes.drain_duration
is nowTypeInt
instead ofTypeString
(#1959) - resource/cloudflare_load_balancer_monitor:
account_id
is now required (#2153) - resource/cloudflare_load_balancer_monitor: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_load_balancer_pool:
account_id
is now required (#2153) - resource/cloudflare_load_balancer_pool: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_notification_policy: alert types
block_notification_review_accepted
andworkers_uptime
have been removed. (#2215) - resource/cloudflare_notification_policy: alert types
g6_health_alert
has been renamed toload_balancing_health_alert
(#2215) - resource/cloudflare_notification_policy: alert types
g6_pool_toggle_alert
has been renamed toload_balancing_pool_enablement_alert
(#2215) - resource/cloudflare_notification_policy: alert types
scriptmonitor_alert_new_max_length_script_url
has been renamed toscriptmonitor_alert_new_max_length_resource_url
(#2215) - resource/cloudflare_notification_policy: alert types
scriptmonitor_alert_new_scripts
has been renamed toscriptmonitor_alert_new_resources
(#2215) - resource/cloudflare_waf_group: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_override: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_package: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_rule: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_workers_kv:
account_id
is now required (#2153) - resource/cloudflare_workers_kv: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_workers_kv_namespace:
account_id
is now required (#2153) - resource/cloudflare_workers_kv_namespace: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_workers_script:
account_id
is now required (#2153) - resource/cloudflare_workers_script: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_zone:
account_id
is now required (#2153) - resource/cloudflare_zone: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154)
FEATURES:
ENHANCEMENTS:
- resource/cloudflare_notification_policy: alert types
block_notification_block_removed
,fbm_dosd_attack
,scriptmonitor_alert_new_max_length_resource_url
,scriptmonitor_alert_new_resources
,tunnel_health_event
,tunnel_update_event
have been added. (#2215) - resource/cloudflare_ruleset: Preserve IDs of unmodified rules when updating rulesets (#2172)
- resource/cloudflare_ruleset: add support for
score_per_period
andscore_response_header_name
(#2177) - resource/cloudflare_worker_script: add support for
queue_binding
(#2134)
BUG FIXES:
- resource/cloudflare_account_member: allow
status
to be computed when not provided (#2217) - resource/cloudflare_page_rule: fix failing page rules acceptance tests (#2213)
- resource/cloudflare_page_rule: make cache_key_fields optional to align with API constraints (#2192)
- resource/cloudflare_page_rule: remove empty cookie and header fields when applying this resource (#2208)
- resource/cloudflare_pages_project: changing
name
will now force recreation of the project (#2216)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.59.0 to 0.60.0 (#2204)
- provider: bumps goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2201)
BUG FIXES:
- provider: remove conflicting
ExactlyOneOf
schema validation from framework schema (#2185)
BREAKING CHANGES:
- datasource/cloudflare_waf_groups: removed with no current replacement (#2138)
- datasource/cloudflare_waf_packages: removed with no current replacement (#2138)
- datasource/cloudflare_waf_rules: removed with no current replacement (#2138)
- provider:
account_id
is no longer available as a global configuration option. Instead, use the resource specific attributes. (#2139) - resource/cloudflare_access_bookmark: resource has been removed in favour of configuration on
cloudflare_access_application
(#2136) - resource/cloudflare_access_rule: require explicit
zone_id
oraccount_id
and remove implicit fallback to user level rules (#2157) - resource/cloudflare_account_member:
account_id
is now required (#2153) - resource/cloudflare_account_member: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_argo_tunnel: resource has been renamed to
cloudflare_tunnel
(#2135) - resource/cloudflare_ip_list: removed in favour of
cloudflare_list
(#2137) - resource/cloudflare_load_balancer_monitor:
account_id
is now required (#2153) - resource/cloudflare_load_balancer_monitor: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_load_balancer_pool:
account_id
is now required (#2153) - resource/cloudflare_load_balancer_pool: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_waf_group: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_override: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_package: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_waf_rule: removed in favour of
cloudflare_ruleset
(#2138) - resource/cloudflare_workers_kv:
account_id
is now required (#2153) - resource/cloudflare_workers_kv: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_workers_kv_namespace:
account_id
is now required (#2153) - resource/cloudflare_workers_kv_namespace: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_workers_script:
account_id
is now required (#2153) - resource/cloudflare_workers_script: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154) - resource/cloudflare_zone:
account_id
is now required (#2153) - resource/cloudflare_zone: no longer sets
client.AccountID
internally and relies on the resource provided value (#2154)
ENHANCEMENTS:
- provider: mux
terraform-plugin-sdk/v2
andterraform-plugin-framework
(#2170) - resource/cloudflare_access_group: supports ip_list property. (#2073)
- resource/cloudflare_access_organization: add support for
user_seat_expiration_inactive_time
(#2115) - resource/cloudflare_ruleset: do not let edge_ttl: default be zero (#2143)
- resource/cloudflare_teams_accounts: adds support for
mailto_address
andmailto_subject
blockpage settings (#2146) - resource/cloudflare_teams_rules: adds egress rule settings. (#2159)
BUG FIXES:
- resource/cloudflare_record: fix issue with DNS comments and tags not being set for new records (#2148)
DEPENDENCIES:
- provider: bumps dependabot/fetch-metadata from 1.3.5 to 1.3.6 (#2183)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.58.1 to 0.59.0 (#2166)
FEATURES:
- New Resource:
cloudflare_device_managed_networks
(#2126)
ENHANCEMENTS:
- provider:
X-Auth-Email
,X-Auth-Key
,X-Auth-User-Service-Key
andAuthorization
values are now automatically redacted from debug logs (#2123) - provider: use inbuilt cloudflare-go logger for HTTP interactions (#2123)
- resource/cloudflare_device_posture_rule: add ability to create crowdstrike s2s posture rule creation (#2128)
- resource/cloudflare_origin_ca: support all authentication schemes (#2124)
- resource/cloudflare_pages_project: adds support for
always_use_latest_compatibility_date
,fail_open
,service_binding
andusage_model
(#2083) - resource/cloudflare_record: add support for tags and comments. (#2105)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.57.1 to 0.58.1 (#2122)
NOTES:
- resource/cloudflare_worker_script: supports explicit
account_id
instead of inheriting global values (#2102)
FEATURES:
- New Resource:
cloudflare_tiered_cache
(#2101)
ENHANCEMENTS:
- resource/cloudflare_access_application: makes allowed_idps type to set (#2094)
- resource/cloudflare_custom_hostname: add support for defining custom metadata (#2107)
BUG FIXES:
- resource/cloudflare_api_shield: allow for empty auth_id_characteristics (#2091)
- resource/cloudflare_ruleset: allow edge_ttl -> default to be optional (#2097)
DEPENDENCIES:
- provider: bumps actions/stale from 6 to 7 (#2098)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.56.0 to 0.57.0 (#2102)
FEATURES:
- New Data Source:
cloudflare_load_balancer_pools
(#1228) - New Resource:
cloudflare_url_normalization_settings
(#1878)
ENHANCEMENTS:
- resource/cloudflare_workers_script: add support for
analytics_engine_binding
bindings (#2051)
BUG FIXES:
- resource/access_application: fix issue where session_duration always showed a diff for bookmark apps (#2076)
- resource/cloudflare_ruleset: fix issue where SSL setting is based of security level (#2088)
- resource/cloudflare_split_tunnel: handle nested attribute changes and ignore ordering (#2066)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.55.0 to 0.56.0 (#2075)
- provider: bumps goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#2087)
NOTES:
- datasource/api_token_permission_groups:
permissions
attribute has been deprecated in favour of individual resource level attributes. (#1960)
FEATURES:
- New Resource:
cloudflare_device_settings_policy
(#1926) - New Resource:
cloudflare_tunnel_config
(#2041)
ENHANCEMENTS:
- resource/cloudflare_fallback_domain: Add creating fallback domains for device policies (#1926)
- resource/cloudflare_logpush_job: add support for
workers_trace_events
(#2025) - resource/cloudflare_origin_ca_certificate: add logic to renew certificate and add a new flag to set if we should renew earlier (#2048)
- resource/cloudflare_origin_ca_certificate: trigger a replacement when
csr
is changed (#2055) - resource/cloudflare_origin_ca_certificate: trigger a replacement when
validity
is changed (#2046) - resource/cloudflare_pages_domain: add note about needing to make a separate
cloudflare_record
. (#2060) - resource/cloudflare_pages_project: add note about linking git accounts to Cloudflare account. (#2060)
- resource/cloudflare_ruleset: add support for importing existing resources (#2054)
- resource/cloudflare_split_tunnel: Add configuring split tunnel for device policies (#1926)
- resource/cloudflare_workers_kv: add support for explicitly setting
account_id
on the resource (#2049) - resource/cloudflare_workers_kv_namespace: add support for explicitly setting
account_id
on the resource (#2049) - resource/cloudflare_workers_kv_namespace: swap internals to use new method signatures from cloudflare-go release (#2049)
BUG FIXES:
- datasource/api_token_permission_groups: add
user
,account
andzone
attributes to contain only those specific resource level permissions. (#1960) - resource/access_policy: Fix issue where only last SAML rule group was applied in Access policy (#2033)
- resource/cloudflare_account: Fix uninitialized cloudflare.Account.Settings (#2034)
- resource/cloudflare_custom_hostname: remove
ForceNew
onwait_for_ssl_pending_validation
(#2027) - resource/cloudflare_list: Do not reapply changes if only list order changed. (#2063)
- resource/cloudflare_record: Fix null MX record creation (#2038)
- resource/cloudflare_spectrum_application: ignore ordering of
edge_ips
(#2032) - resource/cloudflare_workers_kv:
key
changes force creation of a new resource (#2044)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.54.0 to 0.55.0 (#2049)
ENHANCEMENTS:
- resource/cloudflare_zone: add new plans for zone subscriptions (#2023)
BUG FIXES:
- resource/access_application: Fix issue where empty CORS headers state causes panics (#2010)
DEPENDENCIES:
- provider: bumps dependabot/fetch-metadata from 1.3.4 to 1.3.5 (#2008)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.53.0 to 0.54.0 (#2016)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.24.0 to 2.24.1 (#2024)
FEATURES:
- New Resource:
cloudflare_access_organization
(#1961) - New Resource:
cloudflare_dlp_profile
(#1984) - New Resource:
cloudflare_total_tls
(#1979) - New Resource:
cloudflare_waiting_room_rules
(#1957)
ENHANCEMENTS:
- resource/cloudflare_access_application: add support for
app_launcher
,biso
,dash_sso
andwarp
to the schema (#1988) - resource/cloudflare_load_balancer_monitor: support defining explicit
account_id
for resources (#1986) - resource/cloudflare_load_balancer_pool: support defining explicit
account_id
for resources (#1986) - resource/cloudflare_logpush_job: add support for "access_requests" dataset parameter (#2001)
- resource/cloudflare_teams_list: handle pagination for larger Team List accounts (#1706)
- test: use
T.Setenv
to set env vars in provider tests (#1985)
BUG FIXES:
- resource/cloudflare_access_group: fix issue where policy groups were always showing a diff during plans (#1983)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.52.0 to 0.53.0 (#1995)
- provider: bumps github.com/stretchr/testify from 1.8.0 to 1.8.1 (#1993)
ENHANCEMENTS:
- resource/cloudflare_custom_hostname: Add
wait_for_ssl_pending_validation
attribute (#1953) - resource/cloudflare_device_posture_rule: Add chromeos and unique_client_id values (#1950)
- resource/cloudflare_load_balancer: Migrate to autogen docs, improve docs (#1954)
- resource/cloudflare_pages_domain: add Pages project domain importer. (#1973)
- resource/cloudflare_ruleset: add support for overriding sensitivity levels for ruleset rules (#1965)
BUG FIXES:
- resource/cloudflare_byo_ip_prefix: set correct prefix ID for the byoip prefix during import. (#1951)
- resource/cloudflare_custom_ssl: check GeoRestrictions is not nil before attempting to compare it (#1964)
- resource/cloudflare_pages_project: add defaults to Pages project deployment config (#1973)
- resource/cloudflare_zone_settings_override: Fetch/modify
origin_max_http_version
as a single setting. (#1805)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.51.0 to 0.52.0 (#1962)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.23.0 to 2.24.0 (#1969)
- provider: bumps goreleaser/goreleaser-action from 3.1.0 to 3.2.0 (#1977)
NOTES:
- resource/device_posture_rule: update device posture rule to reflect new linux posture fields (#1842)
ENHANCEMENTS:
- resource/cloudflare_account_member: permit setting status in terraform schema if desired (#1920)
- resource/cloudflare_email_routing_catch_all: switch to a dedicated scheme to allow type = "drop" (#1947)
- resource/cloudflare_load_balancer: Add support for adaptive_routing, location_strategy, random_steering, and zero_downtime_failover (#1941)
- resource/cloudflare_load_balancer: update internal method signatures to match upstream library (#1932)
- resource/cloudflare_load_balancer_monitor: update internal method signatures to match upstream library (#1932)
- resource/cloudflare_load_balancer_pool: update internal method signatures to match upstream library (#1932)
BUG FIXES:
- provider: allow individual setting of x-auth-service-key (#1923)
- provider: fix versioning injection during release builds (#1935)
- resource/cloudflare_byo_ip_prefix: fix
Import
to setaccount_id
(#1930) - resource/cloudflare_record: update Read method to pull from remote API instead of local configuration which is empty during
Import
(#1942) - resource/cloudflare_zone_settings_override: Fix array manipulation bug related to single zone settings (#1925)
DEPENDENCIES:
- provider: bumps actions/stale from 5 to 6 (#1922)
- provider: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4 (#1945)
NOTES:
- resource/cloudflare_access_bookmark: Bookmark resource is deprecated in favor of using the
cloudflare_access_application
resource. (#1914) - resource/cloudflare_email_routing_rule: Fix example resource to use correct syntax (#1895)
- resource/cloudflare_email_routing_rule_catch_all: Fix example resource to use correct syntax (#1895)
FEATURES:
- New Data Source:
cloudflare_accounts
(#1899) - New Data Source:
cloudflare_record
(#1906) - New Resource:
cloudflare_account
(#1902) - New Resource:
cloudflare_user_agent_blocking_rule
(#1894)
ENHANCEMENTS:
- resource/cloudflare_pages_project: Adds importer for pages_project (#1886)
- tools: add devcontainer for local development (#1892)
BUG FIXES:
- provider: allow setting
api_user_service_key
without token and/or key (#1907) - resource/cloudflare_load_balancer_monitor: fix detection of headers values changing (#1903)
- resource/cloudflare_pages_project: fix null source on project create (#1898)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.49.0 to 0.50.0 (#1910)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.21.0 to 2.22.0 (#1900)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.22.0 to 2.23.0 (#1913)
FEATURES:
- New Resource:
cloudflare_api_shield
(#1874) - New Resource:
cloudflare_email_routing_address
(#1856) - New Resource:
cloudflare_email_routing_catch_all
(#1856) - New Resource:
cloudflare_email_routing_rules
(#1856) - New Resource:
cloudflare_email_routing_settings
(#1856) - New Resource:
cloudflare_web3_hostname
(#1882)
ENHANCEMENTS:
- resource/cloudflare_access_service_token: updates internals to allow in place refreshing instead of full replacement based on the
expires_at
andmin_days_for_renewal
values (#1872) - resource/cloudflare_pages_domain: Adds support for Pages domains (#1835)
- resource/cloudflare_pages_project: Adds support for Pages Projects (#1835)
- resource/cloudflare_record: Add HTTPS DNS record type (#1887)
- resource/cloudflare_worker: provide js module option to allow service bindings (#1865)
BUG FIXES:
- resource/cloudflare_authenticated_origin_pulls: fix improper handling of enabled=false (#1861)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.48.0 to 0.49.0 (#1871)
- provider: bumps github.com/golangci/golangci-lint from 1.48.0 to 1.49.0 (#1855)
- provider: bumps goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#1868)
NOTES:
- update local setup documentation to reflect newer required Go version (#1847)
ENHANCEMENTS:
- resource/cloudflare_ruleset: add support for
http_config_settings
(#1837) - resources/worker_script: add support for r2_bucket_binding (#1825)
BUG FIXES:
- resource/cloudflare_fallback_domain: fix perpetual changes due to ordering (#1828)
- resource/cloudflare_notification_policy: add missing alert types and filters to validation and docs (#1830)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.46.0 to 0.47.1 (#1844)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.20.0 to 2.21.0 (#1838)
- provider: bumps github.com/hcloudflare-go from 0.47.1 to 0.48.0 (#1848)
BREAKING CHANGES:
- resource/cloudflare_page_rule: Removed
always_online
from page rules since this action has been decommissioned from page rules (#1817)
ENHANCEMENTS:
- resource/cloudflare_custom_ssl: handle when remote ID changes during updates (#1824)
- resource/cloudflare_ruleset: add support and configuration for
serve_errors
action (#1794) - resource/cloudflare_ruleset: add support for sni override in route action (#1816)
BUG FIXES:
- resource/cloudflare_account_member: actually use the
account_id
value (#1823) - resource/cloudflare_zone_settings_override: add missing allowed value of 120 for
browser_cache_ttl
(#1822)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.45.0 to 0.46.0 (#1815)
- provider: bumps github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 (#1813)
- provider: bumps github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 (#1820)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.19.0 to 2.20.0 (#1804)
BREAKING CHANGES:
- resource/cloudflare_healthcheck: deprecates
notification_email_addresses
andnotification_suspended
in favour ofcloudflare_notification_policy
(#1789)
NOTES:
- resource/cloudflare_access_rule: this resource now supports an explicit
account_id
instead of the implied one from the client configuration. You should update your configuration to includeaccount_id
and remove permadiffs. (#1790) - resource/cloudflare_account_member: this resource now supports an explicit
account_id
instead of the implied one from the client configuration. You should update your configuration to includeaccount_id
and remove permadiffs. (#1767) - resource/cloudflare_certificate_pack: remove references to long-deprecated dedicated certs (replaced by
advanced
) (#1778) - resource/cloudflare_rulesets: Cache Rules use cache flag instead of bypass_cache (#1785)
- resource/cloudflare_zone: this resource now supports an explicit
account_id
instead of the implied one from the client configuration. You should update your configuration to includeaccount_id
and remove permadiffs. (#1767)
ENHANCEMENTS:
- resource/cloudflare_access_application: Add support for Saas applications (#1762)
- resource/cloudflare_access_rule: add support for
account_id
(#1790) - resource/cloudflare_account_member: add support for
account_id
(#1767) - resource/cloudflare_api_token: add support for
not_before
andexpires_on
(#1792) - resource/cloudflare_certificate_pack: fix some of the custom hostname docs copy (#1778)
- resource/cloudflare_certificate_pack: update the list of allowed certificate authorities (#1778)
- resource/cloudflare_load_balancer: Add support for LB country pools (#1797)
- resource/cloudflare_managed_headers: swap filtering to use API instead of custom logic (#1765)
- resource/cloudflare_ruleset: add support for
from_value
action parameter when using redirect action (#1781) - resource/cloudflare_zone: add support for
account_id
(#1767)
BUG FIXES:
- resource/cloudflare_waiting_room: fix default waiting room
session_duration
andpath
values (#1766) - resource/cloudflare_zone_lockdown: Fix crash when logging upstream error message (#1777)
DEPENDENCIES:
- provider: bumps github.com/cloudflare/cloudflare-go from 0.44.0 to 0.45.0 (#1793)
- provider: bumps github.com/golangci/golangci-lint from 1.46.2 to 1.47.0 (#1786)
- provider: bumps github.com/golangci/golangci-lint from 1.47.0 to 1.47.1 (#1788)
- provider: bumps github.com/golangci/golangci-lint from 1.47.1 to 1.47.2 (#1795)
- provider: bumps github.com/hashicorp/terraform-plugin-log from 0.4.1 to 0.5.0 (#1773)
- provider: bumps github.com/hashicorp/terraform-plugin-log from 0.5.0 to 0.6.0 (#1780)
- provider: bumps github.com/hashicorp/terraform-plugin-log from 0.6.0 to 0.7.0 (#1798)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.18.0 to 2.19.0 (#1779)
ENHANCEMENTS:
- resource/cloudflare_ipsec_tunnel: add allow_null_cipher to ipsec tunnel (#1736)
- resource/cloudflare_record: Validate that DNS record names are non-empty (#1740)
- resource/cloudflare_ruleset: add support for
from_list
action parameter when using redirect action (#1744) - resource/cloudflare_waiting_room: Add queueing_method field. (#1759)
- resource/cloudflare_workers_script: add support for
service_binding
bindings (#1760) - resource/cloudflare_zone_settings_override: Add support for
origin_max_http_version
(#1755)
BUG FIXES:
- resource/cloudflare_list: fix default values for redirect list updates (#1746)
- resource/cloudflare_logpush_job: fix logpush job name validation regex (#1743)
- resource/cloudflare_tunnel_route: Fix incorrect indexing of resource data id attributes (#1753)
DEPENDENCIES:
- provider: bumps dependabot/fetch-metadata from 1.3.1 to 1.3.2 (#1747)
- provider: bumps dependabot/fetch-metadata from 1.3.2 to 1.3.2 (#1748)
- provider: bumps github.com/cloudflare/cloudflare-go from 0.43.0 to 0.44.0 (#1757)
- provider: bumps github.com/hashicorp/terraform-plugin-docs from 0.12.0 to 0.13.0 (#1763)
- provider: bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.17.0 to 2.18.0 (#1758)
- provider: bumps github.com/stretchr/testify from 1.7.5 to 1.8.0 (#1738)
NOTES:
- resource/cloudflare_ip_list: Deprecated cloudflare_ip_list in favor of cloudflare_list. (#1700)
FEATURES:
- New Resource:
cloudflare_managed_headers
(#1688) - New Resource:
resource/cloudflare_list: Added support for generic list types, including redirect lists.
(#1700)
ENHANCEMENTS:
- resource/cloudflare_logpush_job: adds support for
kind
attribute (#1718) - resource/cloudflare_logpush_job: validate name attribute (#1717)
- resource/cloudflare_ruleset: add support for set cache settings (#1701)
BUG FIXES:
- resource/cloudflare_logpush_job: Fix for optional
filter
attribute (#1712) - resource/cloudflare_logpush_job: fix unmarhalling job with empty/no filter (#1723)
- resource/cloudflare_record: ensure trailing
.
invalue
don't cause surious diffs (#1713)
BREAKING CHANGES:
- resource/cloudflare_ruleset: deprecates
enabled
in overridden configurations immediately in favour ofstatus
(#1689)
FEATURES:
- New Resource:
cloudflare_tunnel_virtual_network
(#1672)
ENHANCEMENTS:
- resource/cloudflare_access_identity_provider: Add support for PKCE when creating IDPS. (#1667)
- resource/cloudflare_device_posture_integration: add support for managing
uptycs
,intune
andcrowdstrike
third party posture providers. (#1628) - resource/cloudflare_ipsec_tunnel: add support for
healthcheck_enabled
,health_check_target
,healthcheck_type
,psk
(#1685) - resource/cloudflare_logpush_job: Add
filter
field support (#1660) - resource/cloudflare_tunnel_route: Add
virtual_network_id
attribute (#1668)
BUG FIXES:
- resource/cloudflare_teams_rule: Fixes issue with rule precedence updates by using a generated version of precendence in API calls to reduce clashing versions (#1663)
NOTES:
- provider: swap internal logging mechanism to use
tflog
(#1638) - provider: updated internal package structure of repository (#1636)
ENHANCEMENTS:
- resource/cloudflare_access_group: add support for external evaluation as a new access group rule (#1623)
- resource/cloudflare_argo_tunnel: add
tunnel_token
support (#1590) - resource/cloudflare_logpush_job: add support for specifying
frequency
(#1634) - resource/cloudflare_ruleset: add support for custom fields logging (#1630)
- resource/cloudflare_waiting_room: Add default_template_language field. (#1651)
BUG FIXES:
- resource/cloudflare_access_application: Fix inability to update
http_only_cookie_attribute
to false (#1602) - resource/cloudflare_waiting_room_event: handle time pointer for nullable struct member (#1648)
- resource/cloudflare_workers_kv: handle invalid id during terraform import (#1635)
NOTES:
- provider: internally swapped to using
diag.Diagnostics
for CRUD return types and usingcontext.Context
passed in from the provider itself instead of instantiating our own in each operation (#1592)
ENHANCEMENTS:
- resource/cloudflare_device_posture_rule: Add
expiration
to device posture rule (#1585) - resource/cloudflare_logpush_job: add support for managing
network_analytics_logs
(#1627) - resource/cloudflare_logpush_job: allow r2 logpush destinations without ownership validation (#1597)
- resource/ruleset: add support for
origin
andhost_header
attributes (#1620)
BUG FIXES:
- resource/cloudflare_access_rule: Fix lifecycle of access_rule update (#1601)
- resource/cloudflare_spectrum_application: prevent panic when configuration does not include
edge_ips.connectivity
(#1599) - resource/cloudflare_teams_rule: fixed detection of deleted teams rules (#1622)
FEATURES:
- New Resource:
cloudflare_tunnel_route
(#1572)
ENHANCEMENTS:
- resource/cloudflare_certificate_pack: add support for new option (
wait_for_active_status
) to block creation until certificate pack is active (#1567) - resource/cloudflare_notification_policy: Add
slo
to notification policy filters (#1573) - resource/cloudflare_teams_list: Add support for IP type (#1550)
BUG FIXES:
- cloudflare_tunnel_routes: Fix reads matching routers with larger CIDRs (#1581)
- resource/cloudflare_access_group: allow github access groups to be created without a list of teams (#1589)
- resource/cloudflare_logpush_job: make ownership challenge check for https not required (#1588)
- resource/cloudflare_tunnel_route: Fix importing resource (#1580)
- resource/cloudflare_zone: update plan identifier for professional rate plans (#1583)
NOTES:
- resource/cloudflare_byo_ip_prefix: now requires an explicit
account_id
parameter instead of implicitly relying onclient.AccountID
(#1563) - resource/cloudflare_ip_list: no longer sets
client.AccountID
internally for resources (#1563) - resource/cloudflare_magic_firewall_ruleset: no longer sets
client.AccountID
internally for resources (#1563) - resource/cloudflare_static_route: no longer sets
client.AccountID
internally for resources (#1563) - resource/cloudflare_worker_cron_trigger: now requires an explicit
account_id
parameter instead of implicitly relying onclient.AccountID
(#1563)
ENHANCEMENTS:
- resource/cloudflare_custom_pages: add support for managed_challenge action (#1478)
- resource/cloudflare_ruleset: add support for rule
logging
(#1538)
ENHANCEMENTS:
- resource/cloudflare_ruleset: Setting description to
Optional
to better reflect API requirements (#1556)
BUG FIXES:
- resource/cloudflare_zone: don't get stuck in endless loop for partner zone rate plans (#1547)
NOTES:
- resource/cloudflare_healthcheck:
notification_suspended
andnotification_email_addresses
attributes are being deprecated in favour ofcloudflare_notification_policy
resource instead. (#1529)
FEATURES:
- New Resource:
cloudflare_access_bookmark
(#1539)
ENHANCEMENTS:
- resource/cloudflare_access_application: Add service_auth_401_redirect field. (#1540)
BUG FIXES:
- resource/cloudflare_api_token: ignore ordering changes in
permission_groups
(#1545) - resource/cloudflare_notification_policy: Fix unexpected crashes when using cloudflare_notification_policy with a filters attribute (#1542)
- resource/cloudflare_zone_dnssec: don't try to enable DNSSEC when state is "pending" (#1530)
NOTES:
- resource/cloudflare_origin_ca_certificate:
requested_validity
no longer decrements until theexpires_on
value but is now the amount of days the certificate was requested for. (#1502)
FEATURES:
- New Resource:
cloudflare_teams_proxy_endpoint
(#1517) - New Resource:
cloudflare_waiting_room_event
(#1509)
ENHANCEMENTS:
- resource/cloudflare_page_rule: add support for
actions.disable_zaraz
(#1523) - resource/cloudflare_ruleset: add support for
action_parameters.response
to control the response when triggering a WAF rule (#1507) - resource/cloudflare_ruleset: add support for
ratelimit.requests_to_origin
(#1507)
BUG FIXES:
- resource/cloudflare_device_posture_integration: remove superfluous
id
from schema (#1504) - resource/cloudflare_spectrum_application: Fix 'edge_ip_connectivity' state persistence (#1515)
BUG FIXES:
- resource/cloudflare_ruleset: don't attempt to upgrade ratelimit if it isn't set (#1501)
BREAKING CHANGES:
- resource/cloudflare_ruleset: rename
mitigation_expression
tocounting_expression
(#1477)
ENHANCEMENTS:
- resource/cloudflare_access_rule: add support for managed_challenge action (#1457)
- resource/cloudflare_custom_hostname: adds support for custom_origin_sni (#1482)
- resource/cloudflare_device_policy_certificates: add support for device policy certificate settings (#1467)
- resource/cloudflare_teams_rules: Add
insecure_disable_dnssec_validation
option to settings (#1469) - resource/cloudflare_zone: add support for partner rate plans (#1464)
BUG FIXES:
- resource/cloudflare_record: no need to pass the resourceCloudflareRecordUpdate to the NonRetryable handler (#1496)
NOTES:
- resource/cloudflare_api_token: revert swap from TypeList to TypeSet due to broken migration (#1455)
FEATURES:
- New Data Source:
cloudflare_devices
(#1453)
FEATURES:
ENHANCEMENTS:
- cloudflare_ruleset: add support for "managed_challenge" action (#1442)
- resource/certificate_pack: adds
validation_errors
andvalidation_records
with same format as custom hostnames. (#1424) - resource/custom_hostname: also adds missing
validation_errors
, andcertificate_authority
(#1424) - resource/custom_hostname: validation tokens are now an array (
validation_records
) instead of a top level, but the only top level record that was previously here was for cname validation, txt/http/email were entirely missing. (#1424)
BUG FIXES:
- cloudflare_argo_tunnel: conditionally fetch settings based on the provided configuration (#1451)
- resource/cloudflare_api_token: ignore ordering of
permission_group
IDs (#1425)
FEATURES:
- New Resource:
cloudflare_ipsec_tunnel
(#1404)
ENHANCEMENTS:
- datasource/cloudflare_zones: allow filtering by account_id (#1401)
- resource/cloudflare_cloudflare_teams_rules: Add
check_session
andadd_headers
attributes to settings (#1402) - resource/cloudflare_cloudflare_teams_rules: Add
disable_download
,disable_keyboard
, anddisable_upload
attributes toBISOAdminControls
(#1402) - resource/cloudflare_logpush_job: add support for managing
dns_logs
(#1400) - resource/cloudflare_ruleset: add skip support for
products
andphases
(#1391) - resource/cloudflare_ruleset: smoother handling of UI/API collisions during migrations (#1393)
- resource/cloudflare_teams_accounts: Add the
fips
field for configuring FIPS-compliant TLS. (#1380)
BUG FIXES:
- resource/cloudflare_fallback_domain: default entries are now restored on delete. (#1399)
- resource/cloudflare_ruleset: conditionally set action parameter "version" (#1388)
- resource/cloudflare_ruleset: fix handling of
false
values for category/rule overrides (#1405)
FEATURES:
- New Resource:
cloudflare_device_posture_integration
(#1340) - New Resource:
cloudflare_fallback_domain
(#1356)
ENHANCEMENTS:
- resource/cloudflare_firewall_rule: add support for managed_challenge action (#1378)
- resource/cloudflare_load_balancer_monitor: added support for smtp, icmp_ping, and udp_icmp monitors (#1371)
- resource/cloudflare_logpush_job: add support for account-level logpush jobs (#1311)
- resource/cloudflare_logpush_ownership_challenge: add support for account-level logpush ownership challenges (#1311)
BUG FIXES:
- resource/cloudflare_api_token: modified_on is now read correctly (#1368)
DEPENDENCIES:
github.com/cloudflare/cloudflare-go
v0.29.0 => v0.30.0 (#1379)
ENHANCEMENTS:
- resource/cloudflare_access_application: add bookmark type to apptypes (#1343)
- resource/cloudflare_teams_rules: GATE-2273: Adds support for device posture gateway rules (#1353)
BUG FIXES:
- resource/cloudflare_load_balancer: handle empty
rules
forresourceCloudflareLoadBalancerStateUpgradeV1
(#1257) - resource/cloudflare_split_tunnel: import will now use correct import function (#1345)
NOTES:
- provider: split schema definition from resource CRUD operations (#1321)
FEATURES:
- New Data Source:
cloudflare_access_identity_provider
(#1300)
ENHANCEMENTS:
- resource/cloudflare_access_application: add support for
app_launcher_visible
to the schema (#1303) - resource/cloudflare_ruleset: add support for rewriting HTTP response headers (#1339)
- resource/cloudflare_zone: support changing
type
values (#1301)
BUG FIXES:
- resource/cloudflare_access_group: fix mapping error for AzureAD (#1341)
- resource/cloudflare_access_rule: allow "ip6" to be a padded or unpadded value and compare correctly (#1294)
- resource/cloudflare_argo: call
Read
forImport
operations (#1295) - resource/cloudflare_argo_tunnel: fix import mechanism (#1329)
- resource/cloudflare_argo_tunnel: update CNAME to use
cfargotunnel.com
(#1293) - resource/cloudflare_origin_ca_certificate: reintroduce
DiffSuppressFunc
forrequested_validity
changes to handle all schema/SDK combinations (#1289) - resource/cloudflare_split_tunnel: import now works by specifying accountId/mode (#1313)
- resource/cloudflare_teams_list: ignore
items
ordering (#1338)
ENHANCEMENTS:
- provider: add the ability to configure a different hostname and base path for the API client (#1270)
- resource/cloudflare_access_application: add support for 'skip_interstitial' and 'logo_url' properties (#1262)
- resource/cloudflare_custom_hostname: add
settings.early_hints
to ssl schema (#1286) - resource/cloudflare_ruleset: add support for exposed credential checks (#1263)
- resource/cloudflare_zone_setting_override: add support for overriding
early_hints
(#1285)
BUG FIXES:
- resource/cloudflare_ruleset: allow action parameter override
enabled
to be true/false or uninitialised (#1275) - resource/cloudflare_ruleset: allow setting
uri
andpath
action parmeters together in a single rule (#1271)
FEATURES:
- New Data Source:
cloudflare_account_roles
(#1238)
ENHANCEMENTS:
- resource/cloudflare_access_application: add support for 'SameSite' and 'HttpOnly' cookie attributes (#1241)
- resource/cloudflare_argo_tunnel: add
cname
as exported attribute (#1259) - resource/cloudflare_load_balancer_pool: add support for origin steering (#1240)
- resource/cloudflare_ruleset: add support for 'Action' and 'Enabled' action_parameters > overrides attributes (#1249)
- resource/cloudflare_zone_setting_override: add support for overriding
binary_ast
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
filter_logs_to_cloudflare
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
log_to_cloudflare
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
orange_to_orange
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
proxy_read_timeout
(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
visitor_ip
(#1261)
BUG FIXES:
- resource/cloudflare_access_policy: handle empty
nil
values for building policies (#1237) - resource/cloudflare_ruleset: don't attempt to update "custom" rulesets using the phase entrypoint (#1245)
NOTES:
- provider: cloudflare-go has been upgraded to v0.25.0 (#1236)
FEATURES:
ENHANCEMENTS:
- provider: add support for debugging via debuggers (like delve) (#1217)
- resource/cloudflare_access_policy: add support for approval_required flag (#1230)
BUG FIXES:
- resource/cloudflare_account_member: handle role changes made in the dashboard (#1202)
- resource/cloudflare_origin_ca_certificate: ignore
requested_validity
changes due to the value decreasing but still store it (#1214) - resource/cloudflare_record: handle
Update
s for records withdata
blocks (#1229)
ENHANCEMENTS:
- resource/cloudflare_ruleset: add support for ddos_l7 configuration (#1212)
ENHANCEMENTS:
- resource/cloudflare_access_rule: add state migrator for 3.x (#1211)
- resource/cloudflare_custom_ssl: add state migrator for 3.x (#1211)
- resource/cloudflare_load_balancer: add state migrator for 3.x (#1211)
- resource/cloudflare_record: add state migrator for 3.x (#1211)
BREAKING CHANGES:
- resource/cloudflare_access_rule:
configuration
is now aTypeList
instead of aTypeMap
(#1188) - resource/cloudflare_custom_ssl:
custom_ssl_options
is now aTypeList
instead ofTypeMap
(#1188) - resource/cloudflare_load_balancer:
fixed_response
is now aTypeList
instead of aTypeMap
(#1188) - resource/cloudflare_load_balancer: fixed_response.status_code
is now a
TypeIntinstead of a
TypeString` (#1188) - resource/cloudflare_record:
data
is now aTypeList
instead of aTypeMap
(#1188)
NOTES:
- provider: Golang version has been upgraded to 1.17 (#1188)
- provider: HTTP user agent is now "terraform/:version terraform-plugin-sdk/:version terraform-provider-cloudflare/:version" (#1188)
- provider: Minimum Terraform core version is now 0.14 (#1188)
- provider: terraform-plugin-sdk has been upgraded to 2.x (#1188)
ENHANCEMENTS:
- resource/cloudflare_custom_hostname:
settings.ciphers
is now aTypeSet
internally to handle suppress ordering changes. Schema representation remains the same (#1188) - resource/cloudflare_custom_hostname:
settings
is nowOptional
/Computed
to reflect the stricter schema validation introduced in terraform-plugin-sdk v2 (#1188) - resource/cloudflare_custom_hostname:
status
is nowComputed
as the value isn't managed by an end user (#1188)
NOTES:
- provider: Update to cloudflare-go v0.22.0 (#1184)
FEATURES:
- New Resource:
cloudflare_access_keys_configuration
(#1186) - New Resource:
cloudflare_teams_account
(#1173) - New Resource:
cloudflare_teams_rule
(#1173)
ENHANCEMENTS:
- resource/cloudflare_access_policy: add support for purpose justification and approvals (#1199)
- resource/cloudflare_ruleset: add support for HTTP rate limiting (#1179)
- resource/cloudflare_ruleset: add support for Transform Rules (#1169)
- resource/cloudflare_ruleset: add support for WAF payload logging (#1174)
- resource/cloudflare_ruleset: add support for more complex skip ruleset configurations (#1201)
BUG FIXES:
- resource/cloudflare_ruleset: fix state handling for terraform-plugin-sdk v2 (#1183)
- resource/cloudflare_zone_settings_override: remap
zero_rtt
=>0rtt
for resource delete (#1175)
Fixes
resource/cloudflare_ruleset
: Send a single payload for rules instead of many individual payloads to prevent overwriting previous rules (#1171)
- New resource:
cloudflare_notification_policy
(#1138) - New resource:
cloudflare_notification_policy_webhooks
(#1151) - New resource:
cloudflare_ruleset
(#1143) - New resource:
cloudflare_teams_location
(#1154) - New datasource:
cloudflare_origin_ca_root_certificate
(#1158)
Improvements
resource/cloudflare_waiting_room
: Add support forjson_response_enabled
as an argument (#1122)
Improvements
resource/cloudflare_access_device_posture_rule
: Add support fordomain_joined
,firewall
,os_version
, anddisk_encryption
(#1137)- provider: bump
cloudflare-go
to v0.20.0 (#1146)
Improvements
resource/cloudflare_logpush_job
: Add support for"nel_reports"
as a dataset (#1122)resource/cloudflare_custom_hostname
: Allow SSL options to be optional when not required (#1131)resource/cloudflare_access_identity_provider
: Support optional Okta API token (#1119)resource/cloudflare_load_balancer_pool
: Add support for load shedding (#1108)resource/cloudflare_load_balancer_pool
: Add support for longitude and latitude (#1093)
Fixes
resource/cloudflare_record
: Use correctImport
method on resource (#1116)resource/cloudflare_worker_cron_trigger
: Account for deletion of scripts and force a refresh of triggers (#1121)resource/cloudflare_rate_limit
: Handleorigin_traffic
missing from API response (#1125)resource/cloudflare_record
: Supportallow_overwrite
for root records (#1129)
- New resource:
cloudflare_waiting_room
(#1053)
Improvements
datasource/cloudflare_waf_rules
: Exportdefault_mode
as an attribute (#1079)
Fixes
resource/cloudflare_access_application
: Revert removal of schema changes causing existing applications unable to re-apply (#1118)
- New resource:
cloudflare_static_route
(#1098)
Improvements
resource/cloudflare_origin_ca
: Ignore decreasingrequested_validity
(#1043)resource/waf_override
: Allowrules
to be optional (#1090)resource/cloudflare_zone
: Don't attempt to set free zone rate plans as that is already the default (#1102)resource/cloudflare_access_application
: Ability to settype
for Applications (#1076)resource/cloudflare_zone_lockdown
: Update documentation to show examples of multiple configurations (#1106)
Improvements
- provider: Update to terraform-plugin-sdk v1.17.1 (#1035, #1043)
resource/cloudflare_logpush_job
: Allowownership_challenge
to be optional to account for Datadog, Splunk or S3-Compatible endpoints (#1048)resource/cloudflare_access_group
: Add support forlogin_method
(#1066)resource/cloudflare_load_balancer
: Add support forpromixity
based steering (#1072)resource/cloudflare_access_application
: Prevent bad CORS configuration when credentials and all origins are permitted (#1073)resource/cloudflare_access_service_tokens
: Allow configuration to manage automatic renewal when the threshold is crossed and Terraform operations are performed within the window (#1057)resource/cloudflare_load_balancer_pool
: Allow support forHost
header settings (#1042)
Fixes
resource/cloudflare_access_policy
: Allow empty slices in blocks when building policies (#1034)resource/cloudflare_load_balancer
: Fixoverride
attributespop_pools
andregion_pools
referencing incorrect values causing a panic (#1039)
New resource: cloudflare_access_ca_certificate
(#995)
Improvements
resource/cloudflare_access_application
: Improve documentation forImport
usage (#1002)resource/cloudflare_logpush_job
: Update documentation to reflect requirements fordestination_conf
to match across all uses (#1024)resource/cloudflare_custom_hostname_fallback
: Better handle service lag when updating existing resources by attempting retries (#1014)resource/cloudflare_waf_group
: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_waf_rule
: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_waf_package
: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_access_group
: Add support forlogin_method
(#1018)- provider: Update to cloudflare-go v0.16.0 (#1018)
- provider: Update to terraform-plugin-sdk v1.16.1 (#1003)
resource/cloudflare_load_balancer
: Add support forrules
(#1016)
Fixes
resource/cloudflare_record
: Address regression from 2.19.1 by checking the API response instead of the schema output forPriority
(#992)
Fixes
resource/cloudflare_record
: UpdatePriority
handling for MX parked records (#986)
Fixes
resource/cloudflare_access_group
: Fix crash when constructing a GSuite group (#940)resource/cloudflare_access_policy
: Makeprecedence
required (#941)resource/cloudflare_access_group
: Fix crash when constructing a SAML group (#948)resource/cloudflare_zone
: UpdateRetry
logic to look at an available field for passing conditions (#973)resource/cloudflare_page_rule
: Allow ignoring/including all query string parameters forcache_key_fields
(#975)
Improvements
resource/cloudflare_access_policy
: Enable zone and account level resources to be imported (#956)resource/cloudflare_origin_ca_certificate
: Smoother import process with less recreation (#955)- provider: Update internals to match
cloudflare-go
0.14 for better error handling and context aware methods (#976)
Fixes
datasource/cloudflare_zones
: Pagination is now correctly handled internally and will return more than the single page of results (cloudflare/cloudflare-go#534).resource/cloudflare_access_policy
: Correctly handle transforming API responses to schema (#917)resource/cloudflare_access_group
: Correctly handle transforming API responses to schema (#918)resource/cloudflare_ip_list
: Ensure account ID is persisted duringImport
(#916)
Improvements
resource/cloudflare_access_application
: Allow anysession_duration
that istime.ParseDuration
compatible (#910)resource/cloudflare_rate_limit
: Add the ability to configurematch.response.headers
in rate limits (#911)resource/cloudflare_access_rule
: Validate IP masks within schema (#921)
- New Resource:
cloudflare_magic_firewall_ruleset
(#884)
Fixes
resource/cloudfare_api_token
: Omittingconditions
will no longer send empty arrays causing IP restriction issues and unusable tokens (#902)
Improvements
resource/cloudflare_access_application
: Add support forcustom_deny_message
andcustom_deny_url
values (#895)resource/cloudflare_load_balancer_monitor
: Add support forprobe_zone
for monitors (#903)
Improvements
resource/cloudflare_load_balancer
: Add support forsession_affinity_ttl
(#882)resource/cloudflare_load_balancer
: Add support forsession_affinity_attributes
(#883)
Fixes
resource/cloudflare_page_rule
: Fixed crash during update when using custom cache key (#894)
- New Resource:
cloudflare_api_token
(#862) - New Datasource:
cloudflare_api_token_permission_groups
(#862) - New Resource:
cloudflare_zone_dnssec
(#852) - New Datasource:
cloudflare_zone_dnssec
(#852)
Improvements
resource/cloudflare_record
: Add explicit fields for CAA records instead of relying on the map value (#866)resource/cloudflare_account_member
: Swap schemarole_ids
toTypeSet
to better handle internal ordering changes (#876)
Fixes
datasource/cloudflare_waf_groups
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_waf_packages
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_waf_rules
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_zones
: Maked.Id()
a consistent string value to prevent Terraform thinking it requires an update (#869)
Fixes
resource/cloudflare_filter
: Remove schema based validation for filters (#863)
Improvements
resource/cloudflare_filter
: Pass missing credential error through to end user (#860)
Improvements
datasource/cloudflare_ip_ranges
: Add the ability to querychina_ipv4_cidr_blocks
andchina_ipv6_cidr_blocks
(#833)resource/cloudflare_filter
: Improve validation of expressions using the schema (#848)
Fixes
resource/cloudflare_page_rule
: Set default forcache_key_fields.host.resolved
to prevent panics (#832)resource/cloudflare_authenticated_origin_pulls
: Fix off-by-one error check inImport
(#832)resource/cloudflare_authenticated_origin_pulls_certificate
: Fix off-by-one error check inImport
(#832)
Improvements
resource/cloudflare_certificate_pack
: Swap internal representation ofhosts
to remove inconsistent ordering issues (#800)resource/cloudflare_logpush_job
: Handle deletion outside of Terraform (#798)resource/cloudflare_access_group
: Add support forgeo
conditionals (#803)resource/cloudflare_access_application
: Add support forenable_binding_cookie
(#802)resource/cloudflare_waf_rule
: Improve documentation formode
(#824)datasource/cloudflare_waf_rule
: Improve documentation formode
(#824)resource/cloudflare_access_application
: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_group
: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_identity_provider
: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_policy
: Add support for zone-level routes to Access resources (#819)
Fixes
resource/cloudflare_custom_hostname_fallback_origin
: Don't retry the "active" status of custom hostnames fallbacks (#818)resource/cloudflare_zone
: RemoveDiffSuppressFunc
causingjump_start
issues (#830)
- New Resource:
cloudflare_certificate_pack
(#778)
Improvements
resource/cloudflare_access_group
: Add support forauth_method
(#762)resource/cloudflare_access_group
: De-duplicate blocks in groups by accepting lists instead (#739)resource/cloudflare_worker_script
: Adds support forwebassembly_binding
(#780)resource/cloudflare_healthcheck
: Retry hostname resolution errors when encountering "no such host" responses (#789)resource/cloudflare_access_application
: Better validation for allowed methods and origin combinations to prevent getting state into an unrecoverable state (#793)
Fixes
resource/cloudflare_healthcheck
: Handle resource deletion outside of Terraform (#787)resource/cloudflare_custom_hostname
: EnsureImport
sets hostname to prevent recreation (#788)resource/cloudflare_ip_list
: Handle resource deletion outside of Terraform (#794)resource/cloudflare_ip_list
: Removeitem
.id
from schema (#796)
Fixes
resource/cloudflare_access_application
: Handle thezone_id
=>account_id
move internally (#724)
- New Resource:
cloudflare_custom_hostname_origin_fallback
(#757) - New Resource:
cloudflare_authenticated_origin_pulls
(#749) - New Resource:
cloudflare_authenticated_origin_pulls_certificate
(#749) - New Resource:
cloudflare_ip_list
(#766)
Improvements
resource/cloudflare_spectrum_application
: Add support for port ranges (#745)resource/cloudflare_custom_hostname
: Force creation of a new resource if thezone_id
value changes (#761)resource/cloudflare_record
: Retry record creation/update if the response includes an "already exists" exception for handling race conditions (#773)
Fixes
resource/cloudflare_firewall_rule
: Compare descriptions after converting unicode + HTML entities to prevent unnecessary diffs (#758)resource/cloudflare_filter
: Compare descriptions after converting unicode + HTML entities to prevent unnecessary diffs (#758)
- New Resource:
cloudflare_custom_hostname
(SSL for SaaS) (#746)
Improvements
resource/access_application
: Add support forallowed_idps
and restricting which Identity Providers are associated with an Application (#734)resource/access_application
: Add support forauto_redirect_to_identity
(#730)resource/access_application
: Add CORS support (#725)resource/cloudflare_custom_ssl
: Allowgeo_restrictions
to benil
and not included in the request payload (#714)datasource/cloudflare_zones
: Filtering is now performed on the server side and thename
parameter is no longer a regex. Instead,name
is a string to match on andmatch
is a regex. See the website documentation for more examples and updated references (#708) in order to make your code compatible with this release.
- New Resource:
cloudflare_waf_override
(#691)
Improvements
resource/cloudflare_argo
: Allowtiered_caching
andsmart_routing
to be toggled individually allowing for entitlement differences (#703)resource/cloudflare_page_rule
: Add support forcache_ttl_by_status
(#706)resource/cloudflare_worker_script
: Add support forplain_text
andsecret_text
bindings (#710)
Fixes
resource/cloudflare_record
: UpdateTestAccCloudflareRecord_LOC
test asserted value to use less precise floats and match the API responses (#712)resource/cloudflare_record
: UpdateTestAccCloudflareRecord_Basic
testmetadata
attributes to match updated API payload (#713)
- New Resource:
cloudflare_byo_ip_prefix
(#671) - New Resource:
cloudflare_logpull_retention
(#678) - New Resource:
cloudflare_healthcheck
(#680)
Improvements:
resource/cloudflare_worker_route
: Improve documentation to mention usingaccount_id
for the underlying APIs (#669)resource/cloudflare_worker_script
: Improve documentation to mention usingaccount_id
for the underlying APIs (#670)resource/cloudflare_load_balancer_pool
: Improve documentation to mentionnotification_email
accepts a comma delimited list of emails (#687)resource/cloudflare_page_rule
: Add support forcache_key_fields
Page Rule action (#662)
Fixes:
resource/cloudflare_zone_settings_override
: Fix regression where if you didn't have universal SSL settings defined, it would error when setting them (#663)resource/cloudflare_zone
: Handle changing zone rate plan from "free" to "enterprise" (#668)resource/cloudflare_record
: Update validation to allow PTR records (9a8fd43)
Improvements:
resource/cloudflare_zone_settings_override
: Adduniversal_ssl
to control enablement of Universal SSL on a zone (#658)- provider: API keys and API tokens are now validated to help differentiate incorrect usage before making API calls (#661)
resource/cloudflare_logpush_job
: Add support for "firewall_events" dataset parameter (#660)resource/cloudflare_logpush_job
: Add support for "dataset" parameter (#649)resource/cloudflare_zone_settings_override
: Removeedge_cache_ttl
(#654)resource/cloudflare_access_group
: Allow Access conditions forinclude
/require
/exclude
to be used consistently between Access Groups and Access Policies (#646)
Fixes:
resource/cloudflare_logpush_job
: fix forstrconv.Atoi: parsing ""
error while creating Logpush job
Improvements:
resource/cloudflare_zone_settings_override
: Updateimage_resizing
options to include"open"
(#639)
Fixes:
resource/cloudflare_access_group
: Fixed misspelt Okta in JSON payload (cloudflare/cloudflare-go#440)
Improvements:
resource/cloudflare_access_policy
: Add support forservice_token
andany_valid_service_token
(#612)resource/cloudflare_waf_group
: Handle WAF group deletions in the API responses (#623)resource/cloudflare_waf_package
: Handle WAF package deletions in the API responses (#623)resource/cloudflare_waf_rule
: Handle WAF rule deletions in the API responses (#623)resource/cloudflare_access_policy
: Add support forgroup
(#626)resource/cloudflare_firewall_rule
: Add support for bypassing specificproducts
(#630)resource/cloudflare_spectrum_application
: Add support foredge_ips
,argo_smart_routing
andedge_ip_connectivity
(#631)resource/cloudflare_access_group
: Add support for using external providers (gsuite
,github
,azure
,okta
,saml
,mTLS certificate
,common name
) (#633)
Improvements:
resource/cloudflare_logpush_job
: SupportImport
on the resource (#618)
Fixes:
resource/cloudflare_record
: Missing CAA in DNS validation (#619)
Improvements:
resource/cloudflare_record
: Stricter validation for record types (#610)resource/logpush_job
: Add more verbose error handling (#564)resource/zone_settings_override
: Update documentation forcache_level
values (#606)resource/access_application
: Add documentation for available attributes (#587)resource/cloudflare_firewall_rule
: Add support for bypassing security configuration rules by URL (#568)resource/cloudflare_record_migrate
: Usezone_id
for state migration before attempting to usedomain
(#566)resource/cloudflare_load_balancer
: Updatesession_affinity
validation to allow"ip_cookie"
(#573)datasource/ip_ranges
: Update documentation to show 0.12 syntax (#617)
Fixes
resource/zone_settings_override
: Handle individual zone settings withinDelete
operations (#599)
- New Resource:
cloudflare_origin_ca_certificate
(#547)
Fixes:
resource/cloudflare_zone_settings_override
: Renamed0rtt
tozero_rtt
to conform to HCL grammar requirements (#557)
Improvements:
resource/cloudflare_access_rule
: Addip6
as valid option (#560)resource/cloudflare_spectrum_application
: Swapproxy_protocol
to string field with supporting enum values instead (#561)resource/cloudflare_waf_rule
: Addpackage_id
as valid option and exportgroup_id
(#552)
Improvements:
resource/cloudflare_zone_settings_override
: Addnon_identity
to alloweddecision
schema (#541)resource/cloudflare_zone_settings_override
: Add support for0rtt
andhttp3
settings (#542)resource/cloudflare_load_balancer_monitor
: Allow empty string forexpected_body
(#539)resource/cloudflare_worker_script
: Add support for Worker KV Namespace Bindings (#544)data_source/waf_rules
,resource/cloudflare_waf_rule
, Support allowed modes for WAF Rules (#550)
Fixes:
resource/cloudflare_spectrum_application
: Spectrum origin_port is optional (#549)
- New datasource:
cloudflare_waf_rules
(#525)
Improvements:
resource/cloudflare_zone
: Exposeverification_key
for partial setups (#532)resource/cloudflare_worker_route
: Enable API Tokens support from upstream cloudflare-go release
- New Resource:
cloudflare_access_service_tokens
(#521) - New Resource:
cloudflare_waf_package
(#475) - New Resource:
cloudflare_waf_group
(#476) - New datasource:
cloudflare_waf_groups
(#508) - New datasource:
cloudflare_waf_packages
(#509)
Fixes:
resource/cloudflare_page_rule
: Seth2_prioritization
individually not via bulk endpoint (#493)resource/cloudflare_zone_settings_override
: Setzone_id
to prevent unnecessary re-creation of resources (#502)
Improvements:
resource/cloudflare_spectrum_application
: Add support for settingtraffic_type
(#481)resource/cloudflare_zone_settings_override
: Update documentation with default values (#498)
Internals:
- Migrated to Terraform plugin SDK (#489)
Breaking changes:
provider/cloudflare
:- renamed
token
toapi_key
- renamed
org_id
toaccount_id
- removed
use_org_from_zone
, you need to explicitly specifyaccount_id
- Environment variables:
- renamed
CLOUDFLARE_TOKEN
toCLOUDFLARE_API_TOKEN
- renamed
CLOUDFLARE_ORG_ID
toCLOUDFLARE_ACCOUNT_ID
- removed
CLOUDFLARE_ORG_ZONE
, you need to explicitly specifyCLOUDFLARE_ACCOUNT_ID
- Changed the following resources to require Zone ID:
cloudflare_access_rule
cloudflare_filter
cloudflare_firewall_rule
cloudflare_load_balancer
cloudflare_page_rule
cloudflare_rate_limit
cloudflare_record
cloudflare_waf_rule
cloudflare_worker_route"
cloudflare_zone_lockdown
cloudflare_zone_settings_override
- Workers single-script support removed
Please see Version 2 Upgrade Guide for details.
Improvements:
cloudflare/resource_cloudflare_argo
: Handle errors when fetching tiered caching + smart routing settings (#477)- Various documentation updates for 0.12 syntax
Fixes:
resource/cloudflare_load_balancer
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_page_rule
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_rate_limit
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_waf_rule
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_worker_route
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_worker_script
: Markzone
as Computed to allow deprecations (#462)resource/cloudflare_zone_lockdown
: Markzone
as Computed to allow deprecations (#462)
Fixes:
resource/cloudflare_page_rule
: Fix a logic condition where settingedge_cache_ttl
action but then not updating it in subsequentapply
runs causes it to be blown away (#453)
Improvements:
- provider: You can now use API tokens to authenticate instead of user email and key (#450)
resource/cloudflare_zone_lockdown
:priority
can now be set on the resource (#445)resource/cloudflare_custom_ssl
: Updated website documentation navigation to include link for resource (#442))
Deprecations:
resource/cloudflare_access_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_filter
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_firewall_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_load_balancer
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_page_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_rate_limit
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_waf_rule
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_worker_route
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_worker_script
:zone
has been superseded by usingzone_id
(#452)resource/cloudflare_zone_lockdown
:zone
has been superseded by usingzone_id
(#452)
Fixes:
- Partially revert [#421] deprecation messages
Removals:
resource/cloudflare_zone_settings_override
:sha1_support
has been removed due to Cloudflare no longer supporting SHA1 certificates or the API endpoint (#415)
Deprecations:
resource/cloudflare_zone_settings_override
:tls_1_2_only
has been superseded by usingmin_tls_version
instead (#405)resource/cloudflare_access_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_filter
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_firewall_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_load_balancer
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_page_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_rate_limit
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_waf_rule
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_worker_route
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_worker_script
:zone
has been superseded by usingzone_id
(#421)resource/cloudflare_zone_lockdown
:zone
has been superseded by usingzone_id
(#421)
Improvements:
- New Resource:
cloudflare_custom_ssl
(#418) resource/cloudflare_filter
: Strip all surrounding whitespace from filter expressions to match API responses (#361)resource/cloudflare_zone
: Support unicode zone name values (#412)resource/cloudflare_page_rule
: Allow settingorigin_pull
for SSL (#430)resource/cloudflare_load_balancer_monitor
: Add TCP support for load balancer monitor (#428)
Fixes:
resource/cloudflare_logpush_job
: Update documentation (#395)resource/cloudflare_zone_lockdown
: Fix: examples in documentation (#407)resource/cloudflare_page_rule
: Set nil on changed string-based Page Rule actions
Fixes:
resource/cloudflare_page_rule
: Fix regression inbrowser_cache_ttl
where the value was sent as a string instead of an integer to the remote (#390)
Improvements:
resource/cloudflare_zone_settings_override
: Add support forh2_prioritization
andimage_resizing
(#381)resource/cloudflare_load_balancer_pool
: Update IP range for tests to not use reserved ranges (#369)
Fixes:
resource/cloudflare_page_rule
: Fix issues withbrowser_cache_ttl
defaults and when value is0
(for Enterprise users) (#379)
- The provider is now compatible with Terraform v0.12, while retaining compatibility with prior versions. (#309)
Improvements:
- New Resource:
cloudflare_argo
Manage Argo features (#304) cloudflare_zone
: Support management of partial zones (#303)cloudflare_rate_limit
: Updatemodes
documentation (#293)cloudflare_load_balancer
: Allow steering policy of "random" (#329)
Fixes:
cloudflare_page_rule
- Allow settingbrowser_cache_ttl
to 0 (#293)cloudflare_page_rule
- Swap to completely replacing rules (#338)
Improvements
- New Resource:
cloudflare_logpush_job
(#287) cloudflare_zone_settings
- Remove option to togglealways_on_ddos
(#253)cloudflare_page_rule
- Update documentation to clarify "0" usagecloudflare_zones
- Return zone ID and zone name (#275)cloudflare_load_balancer
- Addenabled
field (#208)cloudflare_record
- validators: Allow PTR DNS records (#283)
Fixes:
cloudflare_custom_pages
- Use correct casing forzone_id
lookupscloudflare_rate_limit
- Makecorrelate
optional and not flap in state management (#271)cloudflare_spectrum_application
- Fixed integration tests to work (#275)cloudflare_page_rule
- Better track field changes inactions
resource. (#107)
Improvements:
- provider: Enable request/response logging (#212)
- resource/cloudflare_load_balancer_monitor: Add validation for
port
(#213) - resource/cloudflare_load_balancer_monitor: Add
allow_insecure
andfollow_redirects
(#205) - resource/cloudflare_page_rule: Updated available actions documentation to match what is available (#228)
- provider: Swap to using go modules for dependency management (#230)
- provider: Minimum Go version for development is now 1.11 (#230)
Fixes:
- resource/cloudflare_record: Read
data
back from API correctly (#217) - resource/cloudflare_rate_limit: Read
correlate
back from API correctly (#204) - resource/cloudflare_load_balancer_monitor: Fix incorrect type cast for
port
(#213) - resource/cloudflare_load_balancer: Make
steering_policy
computed to avoid spurious diffs (#214) - resource/cloudflare_load_balancer: Read
session_affinity
back from API to make import work & detects drifts (#214)
Improvements:
- New Resource:
cloudflare_spectrum_app
(#156) - New Data Source:
cloudflare_zones
(#168) cloudflare_load_balancer_monitor
- Add optionalport
parameter (#179)cloudflare_page_rule
- Improved documentation forpriority
attribute (#182], missingexplicit_cache_control
[#185)cloudflare_rate_limit
- Addchallenge
andjs_challenge
rate-limit modes (#172)
Fixes:
cloudflare_page_rule
- Page rulezone
attribute change to trigger new resource (#183)
Improvements:
cloudflare_zone_settings_override
- Addopportunistic_onion
zone setting support (#170)cloudflare_zone
- Add ability to set zone plan (#160)
Fixes:
cloudflare_zone
- Allow zones to be properly imported (#157)cloudflare_access_policy
- Match access_policy argument requisites with reality (#158)cloudflare_filter
- Allowzone_id
to setzone
and vice versa (#162)cloudflare_firewall_rule
- Allowzone_id
to setzone
and vice versa (#174)cloudflare_access_rule
- Ensurezone
andzone_id
are always set (#175)- Minor documentation fixes
Improvements:
- New Resource:
cloudflare_access_application
(#145) - New Resource:
cloudflare_access_policy
(#145) cloudflare_load_balancer
- Add steering policy support (#147)cloudflare_load_balancer
- Supportsession_affinity
(#153)cloudflare_load_balancer_pool
- Supportweight
(#153)
Fixes:
cloudflare_record
- Compare name without the zone name (#151)- Minor documentation fixes (#149] [#152)
Improvements:
- New Resource:
cloudflare_zone
(#58) - New Resource:
cloudflare_custom_pages
(#132) cloudflare_zone_settings_override
- Allow setting SSL level to Strict (SSL-Only Origin Pull) (#122)- Update provider usage/build docs and how to update a dependency (#138)
- Improve
Building The Provider
instructions (#143) cloudflare_access_rule
- Make importable for all rule types (#141)cloudflare_load_balancer_pool
- ImplementUpdate
(#140)
Fixes:
cloudflare_rate_limit
- Documentation fixes for markdown where _ALL_ is italicized (#125)cloudflare_worker_route
- Correctly setmulti_script
on Enterprise worker imports (#124)account_member
- Ignore role ID ordering (#128)cloudflare_rate_limit
- Origin traffic isn't default anymore (#130)cloudflare_rate_limit
- Update rate limit validation to allow1
(#129)cloudflare_record
- Add validation to ensure TTL is not set whileproxied
is true (#127)- Updated code for provider version in User-Agent
cloudflare_zone_lockdown
- Fix import of zone lockdowns (#135)
Improvements:
- New Resource:
cloudflare_account_member
(#78)
Improvements:
- New Resource:
cloudflare_filter
- New Resource:
cloudflare_firewall_rule
Improvements:
- New Resource:
cloudflare_zone_lockdown
(#115)
Fixes:
- Send User-Agent header with name and version when contacting API
cloudflare_page_rule
- Fix page rule polish (off, lossless or lossy) (#116)
Improvements:
Improvements:
- New Resource:
cloudflare_access_rule
(#64)
Fixes:
cloudflare_zone_settings_override
- Change Zone Settings Override to use GetOkExists (#107)
Improvements:
- New Resource:
cloudflare_waf_rule
(#98) cloudflare_zone_settings_override
- Addoff
as Security Level setting (#99)resource_cloudflare_rate_limit
- Add nat support (#96)resource_cloudflare_zone_settings_override
- Addzrt
as a value for thetls_1_3
setting (#106)- Minor documentation improvements
Fixes:
cloudflare_record
- Setting a DNS record'sproxied
flag to false stopped working (#103)
FIXES:
cloudflare_ip_ranges
- IPv6 CIDR blocks should return IPv6 addresses (#51)cloudflare_zone_settings_override
- Allow0
forbrowser_cache_ttl
(#71)cloudflare_page_rule
-forwarding_urls
in page rules are lists (#79)cloudflare_page_rule
- The API supportsactive
anddisabled
, notpaused
(#84)
IMPROVEMENTS:
cloudflare_zone_settings_override
- Add support formin_tls_version
(#72)cloudflare_page_rule
- Add support for more settings:bypass_cache_on_cookie
,cache_by_device_type
,cache_deception_armor
,cache_on_cookie
,host_header_override
,polish
,explicit_cache_control
,origin_error_page_pass_thru
,sort_query_string_for_cache
,resolve_override
,respect_strong_etag
,response_buffering
,true_client_ip_header
,mirage
,disable_railgun
,cache_key
,waf
,rocket_loader
,cname_flattening
(#68], [#81], [#85)cloudflare_page_rule
- Addoff
setting tosecurity_level
(#81)cloudflare_record
- DNS Record improvements (#97)- Various documentation improvements
BACKWARDS INCOMPATIBILITIES / NOTES:
- resource/cloudflare_record: Changing
name
ordomain
now force a recreation of the record (#29)
FEATURES:
- New Resource:
cloudflare_rate_limit
(#30) - New Resource:
cloudflare_page_rule
(#38) - New Resource:
cloudflare_load_balancer
(#40) - New Resource:
cloudflare_load_balancer_pool
(#40) - New Resource:
cloudflare_zone_settings_override
(#41) - New Resource:
cloudflare_load_balancer_monitor
(#42) - New Data Source:
cloudflare_ip_ranges
(#28)
IMPROVEMENTS:
- resource/cloudflare_record: Validate
TXT
records (#14) - resource/cloudflare_record: Add
data
input to suppport SRV, LOC records (#29) - resource/cloudflare_record: Add computed attributes
created_on
,modified_on
,proxiable
, andmetadata
to records (#29) - resource/cloudflare_record: Support import of existing records (#36)
- New Provider configuration options for API rate limiting (#43)
- New Provider configuration options for using Organizations (#40)
NOTES:
- Same functionality as that of Terraform 0.9.8. Repacked as part of Provider Splitout