FEATURES:
- New Resource:
cloudflare_tunnel_route(#1572)
ENHANCEMENTS:
- resource/cloudflare_certificate_pack: add support for new option (
wait_for_active_status) to block creation until certificate pack is active (#1567) - resource/cloudflare_notification_policy: Add
sloto notification policy filters (#1573) - resource/cloudflare_teams_list: Add support for IP type (#1550)
BUG FIXES:
- cloudflare_tunnel_routes: Fix reads matching routers with larger CIDRs (#1581)
- resource/cloudflare_access_group: allow github access groups to be created without a list of teams (#1589)
- resource/cloudflare_logpush_job: make ownership challenge check for https not required (#1588)
- resource/cloudflare_tunnel_route: Fix importing resource (#1580)
- resource/cloudflare_zone: update plan identifier for professional rate plans (#1583)
NOTES:
- resource/cloudflare_byo_ip_prefix: now requires an explicit
account_idparameter instead of implicitly relying onclient.AccountID(#1563) - resource/cloudflare_ip_list: no longer sets
client.AccountIDinternally for resources (#1563) - resource/cloudflare_magic_firewall_ruleset: no longer sets
client.AccountIDinternally for resources (#1563) - resource/cloudflare_static_route: no longer sets
client.AccountIDinternally for resources (#1563) - resource/cloudflare_worker_cron_trigger: now requires an explicit
account_idparameter instead of implicitly relying onclient.AccountID(#1563)
ENHANCEMENTS:
- resource/cloudflare_custom_pages: add support for managed_challenge action (#1478)
- resource/cloudflare_ruleset: add support for rule
logging(#1538)
ENHANCEMENTS:
- resource/cloudflare_ruleset: Setting description to
Optionalto better reflect API requirements (#1556)
BUG FIXES:
- resource/cloudflare_zone: don't get stuck in endless loop for partner zone rate plans (#1547)
NOTES:
- resource/cloudflare_healthcheck:
notification_suspendedandnotification_email_addressesattributes are being deprecated in favour ofcloudflare_notification_policyresource instead. (#1529)
FEATURES:
- New Resource:
cloudflare_access_bookmark(#1539)
ENHANCEMENTS:
- resource/cloudflare_access_application: Add service_auth_401_redirect field. (#1540)
BUG FIXES:
- resource/cloudflare_api_token: ignore ordering changes in
permission_groups(#1545) - resource/cloudflare_notification_policy: Fix unexpected crashes when using cloudflare_notification_policy with a filters attribute (#1542)
- resource/cloudflare_zone_dnssec: don't try to enable DNSSEC when state is "pending" (#1530)
NOTES:
- resource/cloudflare_origin_ca_certificate:
requested_validityno longer decrements until theexpires_onvalue but is now the amount of days the certificate was requested for. (#1502)
FEATURES:
- New Resource:
cloudflare_teams_proxy_endpoint(#1517) - New Resource:
cloudflare_waiting_room_event(#1509)
ENHANCEMENTS:
- resource/cloudflare_page_rule: add support for
actions.disable_zaraz(#1523) - resource/cloudflare_ruleset: add support for
action_parameters.responseto control the response when triggering a WAF rule (#1507) - resource/cloudflare_ruleset: add support for
ratelimit.requests_to_origin(#1507)
BUG FIXES:
- resource/cloudflare_device_posture_integration: remove superfluous
idfrom schema (#1504) - resource/cloudflare_spectrum_application: Fix 'edge_ip_connectivity' state persistence (#1515)
BUG FIXES:
- resource/cloudflare_ruleset: don't attempt to upgrade ratelimit if it isn't set (#1501)
BREAKING CHANGES:
- resource/cloudflare_ruleset: rename
mitigation_expressiontocounting_expression(#1477)
ENHANCEMENTS:
- resource/cloudflare_access_rule: add support for managed_challenge action (#1457)
- resource/cloudflare_custom_hostname: adds support for custom_origin_sni (#1482)
- resource/cloudflare_device_policy_certificates: add support for device policy certificate settings (#1467)
- resource/cloudflare_teams_rules: Add
insecure_disable_dnssec_validationoption to settings (#1469) - resource/cloudflare_zone: add support for partner rate plans (#1464)
BUG FIXES:
- resource/cloudflare_record: no need to pass the resourceCloudflareRecordUpdate to the NonRetryable handler (#1496)
NOTES:
- resource/cloudflare_api_token: revert swap from TypeList to TypeSet due to broken migration (#1455)
FEATURES:
- New Data Source:
cloudflare_devices(#1453)
FEATURES:
ENHANCEMENTS:
- cloudflare_ruleset: add support for "managed_challenge" action (#1442)
- resource/certificate_pack: adds
validation_errorsandvalidation_recordswith same format as custom hostnames. (#1424) - resource/custom_hostname: also adds missing
validation_errors, andcertificate_authority(#1424) - resource/custom_hostname: validation tokens are now an array (
validation_records) instead of a top level, but the only top level record that was previously here was for cname validation, txt/http/email were entirely missing. (#1424)
BUG FIXES:
- cloudflare_argo_tunnel: conditionally fetch settings based on the provided configuration (#1451)
- resource/cloudflare_api_token: ignore ordering of
permission_groupIDs (#1425)
FEATURES:
- New Resource:
cloudflare_ipsec_tunnel(#1404)
ENHANCEMENTS:
- datasource/cloudflare_zones: allow filtering by account_id (#1401)
- resource/cloudflare_cloudflare_teams_rules: Add
check_sessionandadd_headersattributes to settings (#1402) - resource/cloudflare_cloudflare_teams_rules: Add
disable_download,disable_keyboard, anddisable_uploadattributes toBISOAdminControls(#1402) - resource/cloudflare_logpush_job: add support for managing
dns_logs(#1400) - resource/cloudflare_ruleset: add skip support for
productsandphases(#1391) - resource/cloudflare_ruleset: smoother handling of UI/API collisions during migrations (#1393)
- resource/cloudflare_teams_accounts: Add the
fipsfield for configuring FIPS-compliant TLS. (#1380)
BUG FIXES:
- resource/cloudflare_fallback_domain: default entries are now restored on delete. (#1399)
- resource/cloudflare_ruleset: conditionally set action parameter "version" (#1388)
- resource/cloudflare_ruleset: fix handling of
falsevalues for category/rule overrides (#1405)
FEATURES:
- New Resource:
cloudflare_device_posture_integration(#1340) - New Resource:
cloudflare_fallback_domain(#1356)
ENHANCEMENTS:
- resource/cloudflare_firewall_rule: add support for managed_challenge action (#1378)
- resource/cloudflare_load_balancer_monitor: added support for smtp, icmp_ping, and udp_icmp monitors (#1371)
- resource/cloudflare_logpush_job: add support for account-level logpush jobs (#1311)
- resource/cloudflare_logpush_ownership_challenge: add support for account-level logpush ownership challenges (#1311)
BUG FIXES:
- resource/cloudflare_api_token: modified_on is now read correctly (#1368)
DEPENDENCIES:
github.com/cloudflare/cloudflare-gov0.29.0 => v0.30.0 (#1379)
ENHANCEMENTS:
- resource/cloudflare_access_application: add bookmark type to apptypes (#1343)
- resource/cloudflare_teams_rules: GATE-2273: Adds support for device posture gateway rules (#1353)
BUG FIXES:
- resource/cloudflare_load_balancer: handle empty
rulesforresourceCloudflareLoadBalancerStateUpgradeV1(#1257) - resource/cloudflare_split_tunnel: import will now use correct import function (#1345)
NOTES:
- provider: split schema definition from resource CRUD operations (#1321)
FEATURES:
- New Data Source:
cloudflare_access_identity_provider(#1300)
ENHANCEMENTS:
- resource/cloudflare_access_application: add support for
app_launcher_visibleto the schema (#1303) - resource/cloudflare_ruleset: add support for rewriting HTTP response headers (#1339)
- resource/cloudflare_zone: support changing
typevalues (#1301)
BUG FIXES:
- resource/cloudflare_access_group: fix mapping error for AzureAD (#1341)
- resource/cloudflare_access_rule: allow "ip6" to be a padded or unpadded value and compare correctly (#1294)
- resource/cloudflare_argo: call
ReadforImportoperations (#1295) - resource/cloudflare_argo_tunnel: fix import mechanism (#1329)
- resource/cloudflare_argo_tunnel: update CNAME to use
cfargotunnel.com(#1293) - resource/cloudflare_origin_ca_certificate: reintroduce
DiffSuppressFuncforrequested_validitychanges to handle all schema/SDK combinations (#1289) - resource/cloudflare_split_tunnel: import now works by specifying accountId/mode (#1313)
- resource/cloudflare_teams_list: ignore
itemsordering (#1338)
ENHANCEMENTS:
- provider: add the ability to configure a different hostname and base path for the API client (#1270)
- resource/cloudflare_access_application: add support for 'skip_interstitial' and 'logo_url' properties (#1262)
- resource/cloudflare_custom_hostname: add
settings.early_hintsto ssl schema (#1286) - resource/cloudflare_ruleset: add support for exposed credential checks (#1263)
- resource/cloudflare_zone_setting_override: add support for overriding
early_hints(#1285)
BUG FIXES:
- resource/cloudflare_ruleset: allow action parameter override
enabledto be true/false or uninitialised (#1275) - resource/cloudflare_ruleset: allow setting
uriandpathaction parmeters together in a single rule (#1271)
FEATURES:
- New Data Source:
cloudflare_account_roles(#1238)
ENHANCEMENTS:
- resource/cloudflare_access_application: add support for 'SameSite' and 'HttpOnly' cookie attributes (#1241)
- resource/cloudflare_argo_tunnel: add
cnameas exported attribute (#1259) - resource/cloudflare_load_balancer_pool: add support for origin steering (#1240)
- resource/cloudflare_ruleset: add support for 'Action' and 'Enabled' action_parameters > overrides attributes (#1249)
- resource/cloudflare_zone_setting_override: add support for overriding
binary_ast(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
filter_logs_to_cloudflare(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
log_to_cloudflare(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
orange_to_orange(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
proxy_read_timeout(#1261) - resource/cloudflare_zone_setting_override: add support for overriding
visitor_ip(#1261)
BUG FIXES:
- resource/cloudflare_access_policy: handle empty
nilvalues for building policies (#1237) - resource/cloudflare_ruleset: don't attempt to update "custom" rulesets using the phase entrypoint (#1245)
NOTES:
- provider: cloudflare-go has been upgraded to v0.25.0 (#1236)
FEATURES:
ENHANCEMENTS:
- provider: add support for debugging via debuggers (like delve) (#1217)
- resource/cloudflare_access_policy: add support for approval_required flag (#1230)
BUG FIXES:
- resource/cloudflare_account_member: handle role changes made in the dashboard (#1202)
- resource/cloudflare_origin_ca_certificate: ignore
requested_validitychanges due to the value decreasing but still store it (#1214) - resource/cloudflare_record: handle
Updates for records withdatablocks (#1229)
ENHANCEMENTS:
- resource/cloudflare_ruleset: add support for ddos_l7 configuration (#1212)
ENHANCEMENTS:
- resource/cloudflare_access_rule: add state migrator for 3.x (#1211)
- resource/cloudflare_custom_ssl: add state migrator for 3.x (#1211)
- resource/cloudflare_load_balancer: add state migrator for 3.x (#1211)
- resource/cloudflare_record: add state migrator for 3.x (#1211)
BREAKING CHANGES:
- resource/cloudflare_access_rule:
configurationis now aTypeListinstead of aTypeMap(#1188) - resource/cloudflare_custom_ssl:
custom_ssl_optionsis now aTypeListinstead ofTypeMap(#1188) - resource/cloudflare_load_balancer:
fixed_responseis now aTypeListinstead of aTypeMap(#1188) - resource/cloudflare_load_balancer: fixed_response.status_code
is now aTypeIntinstead of aTypeString` (#1188) - resource/cloudflare_record:
datais now aTypeListinstead of aTypeMap(#1188)
NOTES:
- provider: Golang version has been upgraded to 1.17 (#1188)
- provider: HTTP user agent is now "terraform/:version terraform-plugin-sdk/:version terraform-provider-cloudflare/:version" (#1188)
- provider: Minimum Terraform core version is now 0.14 (#1188)
- provider: terraform-plugin-sdk has been upgraded to 2.x (#1188)
ENHANCEMENTS:
- resource/cloudflare_custom_hostname:
settings.ciphersis now aTypeSetinternally to handle suppress ordering changes. Schema representation remains the same (#1188) - resource/cloudflare_custom_hostname:
settingsis nowOptional/Computedto reflect the stricter schema validation introduced in terraform-plugin-sdk v2 (#1188) - resource/cloudflare_custom_hostname:
statusis nowComputedas the value isn't managed by an end user (#1188)
NOTES:
- provider: Update to cloudflare-go v0.22.0 (#1184)
FEATURES:
- New Resource:
cloudflare_access_keys_configuration(#1186) - New Resource:
cloudflare_teams_account(#1173) - New Resource:
cloudflare_teams_rule(#1173)
ENHANCEMENTS:
- resource/cloudflare_access_policy: add support for purpose justification and approvals (#1199)
- resource/cloudflare_ruleset: add support for HTTP rate limiting (#1179)
- resource/cloudflare_ruleset: add support for Transform Rules (#1169)
- resource/cloudflare_ruleset: add support for WAF payload logging (#1174)
- resource/cloudflare_ruleset: add support for more complex skip ruleset configurations (#1201)
BUG FIXES:
- resource/cloudflare_ruleset: fix state handling for terraform-plugin-sdk v2 (#1183)
- resource/cloudflare_zone_settings_override: remap
zero_rtt=>0rttfor resource delete (#1175)
Fixes
resource/cloudflare_ruleset: Send a single payload for rules instead of many individual payloads to prevent overwriting previous rules (#1171)
- New resource:
cloudflare_notification_policy(#1138) - New resource:
cloudflare_notification_policy_webhooks(#1151) - New resource:
cloudflare_ruleset(#1143) - New resource:
cloudflare_teams_location(#1154) - New datasource:
cloudflare_origin_ca_root_certificate(#1158)
Improvements
resource/cloudflare_waiting_room: Add support forjson_response_enabledas an argument (#1122)
Improvements
resource/cloudflare_access_device_posture_rule: Add support fordomain_joined,firewall,os_version, anddisk_encryption(#1137)- provider: bump
cloudflare-goto v0.20.0 (#1146)
Improvements
resource/cloudflare_logpush_job: Add support for"nel_reports"as a dataset (#1122)resource/cloudflare_custom_hostname: Allow SSL options to be optional when not required (#1131)resource/cloudflare_access_identity_provider: Support optional Okta API token (#1119)resource/cloudflare_load_balancer_pool: Add support for load shedding (#1108)resource/cloudflare_load_balancer_pool: Add support for longitude and latitude (#1093)
Fixes
resource/cloudflare_record: Use correctImportmethod on resource (#1116)resource/cloudflare_worker_cron_trigger: Account for deletion of scripts and force a refresh of triggers (#1121)resource/cloudflare_rate_limit: Handleorigin_trafficmissing from API response (#1125)resource/cloudflare_record: Supportallow_overwritefor root records (#1129)
- New resource:
cloudflare_waiting_room(#1053)
Improvements
datasource/cloudflare_waf_rules: Exportdefault_modeas an attribute (#1079)
Fixes
resource/cloudflare_access_application: Revert removal of schema changes causing existing applications unable to re-apply (#1118)
- New resource:
cloudflare_static_route(#1098)
Improvements
resource/cloudflare_origin_ca: Ignore decreasingrequested_validity(#1043)resource/waf_override: Allowrulesto be optional (#1090)resource/cloudflare_zone: Don't attempt to set free zone rate plans as that is already the default (#1102)resource/cloudflare_access_application: Ability to settypefor Applications (#1076)resource/cloudflare_zone_lockdown: Update documentation to show examples of multiple configurations (#1106)
Improvements
- provider: Update to terraform-plugin-sdk v1.17.1 (#1035, #1043)
resource/cloudflare_logpush_job: Allowownership_challengeto be optional to account for Datadog, Splunk or S3-Compatible endpoints (#1048)resource/cloudflare_access_group: Add support forlogin_method(#1066)resource/cloudflare_load_balancer: Add support forpromixitybased steering (#1072)resource/cloudflare_access_application: Prevent bad CORS configuration when credentials and all origins are permitted (#1073)resource/cloudflare_access_service_tokens: Allow configuration to manage automatic renewal when the threshold is crossed and Terraform operations are performed within the window (#1057)resource/cloudflare_load_balancer_pool: Allow support forHostheader settings (#1042)
Fixes
resource/cloudflare_access_policy: Allow empty slices in blocks when building policies (#1034)resource/cloudflare_load_balancer: Fixoverrideattributespop_poolsandregion_poolsreferencing incorrect values causing a panic (#1039)
New resource: cloudflare_access_ca_certificate (#995)
Improvements
resource/cloudflare_access_application: Improve documentation forImportusage (#1002)resource/cloudflare_logpush_job: Update documentation to reflect requirements fordestination_confto match across all uses (#1024)resource/cloudflare_custom_hostname_fallback: Better handle service lag when updating existing resources by attempting retries (#1014)resource/cloudflare_waf_group: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_waf_rule: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_waf_package: Simplify error handling using inbuilt helpers (#1015)resource/cloudflare_access_group: Add support forlogin_method(#1018)- provider: Update to cloudflare-go v0.16.0 (#1018)
- provider: Update to terraform-plugin-sdk v1.16.1 (#1003)
resource/cloudflare_load_balancer: Add support forrules(#1016)
Fixes
resource/cloudflare_record: Address regression from 2.19.1 by checking the API response instead of the schema output forPriority(#992)
Fixes
resource/cloudflare_record: UpdatePriorityhandling for MX parked records (#986)
Fixes
resource/cloudflare_access_group: Fix crash when constructing a GSuite group (#940)resource/cloudflare_access_policy: Makeprecedencerequired (#941)resource/cloudflare_access_group: Fix crash when constructing a SAML group (#948)resource/cloudflare_zone: UpdateRetrylogic to look at an available field for passing conditions (#973)resource/cloudflare_page_rule: Allow ignoring/including all query string parameters forcache_key_fields(#975)
Improvements
resource/cloudflare_access_policy: Enable zone and account level resources to be imported (#956)resource/cloudflare_origin_ca_certificate: Smoother import process with less recreation (#955)- provider: Update internals to match
cloudflare-go0.14 for better error handling and context aware methods (#976)
Fixes
datasource/cloudflare_zones: Pagination is now correctly handled internally and will return more than the single page of results (cloudflare/cloudflare-go#534).resource/cloudflare_access_policy: Correctly handle transforming API responses to schema (#917)resource/cloudflare_access_group: Correctly handle transforming API responses to schema (#918)resource/cloudflare_ip_list: Ensure account ID is persisted duringImport(#916)
Improvements
resource/cloudflare_access_application: Allow anysession_durationthat istime.ParseDurationcompatible (#910)resource/cloudflare_rate_limit: Add the ability to configurematch.response.headersin rate limits (#911)resource/cloudflare_access_rule: Validate IP masks within schema (#921)
- New Resource:
cloudflare_magic_firewall_ruleset(#884)
Fixes
resource/cloudfare_api_token: Omittingconditionswill no longer send empty arrays causing IP restriction issues and unusable tokens (#902)
Improvements
resource/cloudflare_access_application: Add support forcustom_deny_messageandcustom_deny_urlvalues (#895)resource/cloudflare_load_balancer_monitor: Add support forprobe_zonefor monitors (#903)
Improvements
resource/cloudflare_load_balancer: Add support forsession_affinity_ttl(#882)resource/cloudflare_load_balancer: Add support forsession_affinity_attributes(#883)
Fixes
resource/cloudflare_page_rule: Fixed crash during update when using custom cache key (#894)
- New Resource:
cloudflare_api_token(#862) - New Datasource:
cloudflare_api_token_permission_groups(#862) - New Resource:
cloudflare_zone_dnssec(#852) - New Datasource:
cloudflare_zone_dnssec(#852)
Improvements
resource/cloudflare_record: Add explicit fields for CAA records instead of relying on the map value (#866)resource/cloudflare_account_member: Swap schemarole_idstoTypeSetto better handle internal ordering changes (#876)
Fixes
datasource/cloudflare_waf_groups: Maked.Id()a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_waf_packages: Maked.Id()a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_waf_rules: Maked.Id()a consistent string value to prevent Terraform thinking it requires an update (#869)datasource/cloudflare_zones: Maked.Id()a consistent string value to prevent Terraform thinking it requires an update (#869)
Fixes
resource/cloudflare_filter: Remove schema based validation for filters (#863)
Improvements
resource/cloudflare_filter: Pass missing credential error through to end user (#860)
Improvements
datasource/cloudflare_ip_ranges: Add the ability to querychina_ipv4_cidr_blocksandchina_ipv6_cidr_blocks(#833)resource/cloudflare_filter: Improve validation of expressions using the schema (#848)
Fixes
resource/cloudflare_page_rule: Set default forcache_key_fields.host.resolvedto prevent panics (#832)resource/cloudflare_authenticated_origin_pulls: Fix off-by-one error check inImport(#832)resource/cloudflare_authenticated_origin_pulls_certificate: Fix off-by-one error check inImport(#832)
Improvements
resource/cloudflare_certificate_pack: Swap internal representation ofhoststo remove inconsistent ordering issues (#800)resource/cloudflare_logpush_job: Handle deletion outside of Terraform (#798)resource/cloudflare_access_group: Add support forgeoconditionals (#803)resource/cloudflare_access_application: Add support forenable_binding_cookie(#802)resource/cloudflare_waf_rule: Improve documentation formode(#824)datasource/cloudflare_waf_rule: Improve documentation formode(#824)resource/cloudflare_access_application: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_group: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_identity_provider: Add support for zone-level routes to Access resources (#819)resource/cloudflare_access_policy: Add support for zone-level routes to Access resources (#819)
Fixes
resource/cloudflare_custom_hostname_fallback_origin: Don't retry the "active" status of custom hostnames fallbacks (#818)resource/cloudflare_zone: RemoveDiffSuppressFunccausingjump_startissues (#830)
- New Resource:
cloudflare_certificate_pack(#778)
Improvements
resource/cloudflare_access_group: Add support forauth_method(#762)resource/cloudflare_access_group: De-duplicate blocks in groups by accepting lists instead (#739)resource/cloudflare_worker_script: Adds support forwebassembly_binding(#780)resource/cloudflare_healthcheck: Retry hostname resolution errors when encountering "no such host" responses (#789)resource/cloudflare_access_application: Better validation for allowed methods and origin combinations to prevent getting state into an unrecoverable state (#793)
Fixes
resource/cloudflare_healthcheck: Handle resource deletion outside of Terraform (#787)resource/cloudflare_custom_hostname: EnsureImportsets hostname to prevent recreation (#788)resource/cloudflare_ip_list: Handle resource deletion outside of Terraform (#794)resource/cloudflare_ip_list: Removeitem.idfrom schema (#796)
Fixes
resource/cloudflare_access_application: Handle thezone_id=>account_idmove internally (#724)
- New Resource:
cloudflare_custom_hostname_origin_fallback(#757) - New Resource:
cloudflare_authenticated_origin_pulls(#749) - New Resource:
cloudflare_authenticated_origin_pulls_certificate(#749) - New Resource:
cloudflare_ip_list(#766)
Improvements
resource/cloudflare_spectrum_application: Add support for port ranges (#745)resource/cloudflare_custom_hostname: Force creation of a new resource if thezone_idvalue changes (#761)resource/cloudflare_record: Retry record creation/update if the response includes an "already exists" exception for handling race conditions (#773)
Fixes
resource/cloudflare_firewall_rule: Compare descriptions after converting unicode + HTML entities to prevent unnecessary diffs (#758)resource/cloudflare_filter: Compare descriptions after converting unicode + HTML entities to prevent unnecessary diffs (#758)
- New Resource:
cloudflare_custom_hostname(SSL for SaaS) (#746)
Improvements
resource/access_application: Add support forallowed_idpsand restricting which Identity Providers are associated with an Application (#734)resource/access_application: Add support forauto_redirect_to_identity(#730)resource/access_application: Add CORS support (#725)resource/cloudflare_custom_ssl: Allowgeo_restrictionsto beniland not included in the request payload (#714)datasource/cloudflare_zones: Filtering is now performed on the server side and thenameparameter is no longer a regex. Instead,nameis a string to match on andmatchis a regex. See the website documentation for more examples and updated references (#708) in order to make your code compatible with this release.
- New Resource:
cloudflare_waf_override(#691)
Improvements
resource/cloudflare_argo: Allowtiered_cachingandsmart_routingto be toggled individually allowing for entitlement differences (#703)resource/cloudflare_page_rule: Add support forcache_ttl_by_status(#706)resource/cloudflare_worker_script: Add support forplain_textandsecret_textbindings (#710)
Fixes
resource/cloudflare_record: UpdateTestAccCloudflareRecord_LOCtest asserted value to use less precise floats and match the API responses (#712)resource/cloudflare_record: UpdateTestAccCloudflareRecord_Basictestmetadataattributes to match updated API payload (#713)
- New Resource:
cloudflare_byo_ip_prefix(#671) - New Resource:
cloudflare_logpull_retention(#678) - New Resource:
cloudflare_healthcheck(#680)
Improvements:
resource/cloudflare_worker_route: Improve documentation to mention usingaccount_idfor the underlying APIs (#669)resource/cloudflare_worker_script: Improve documentation to mention usingaccount_idfor the underlying APIs (#670)resource/cloudflare_load_balancer_pool: Improve documentation to mentionnotification_emailaccepts a comma delimited list of emails (#687)resource/cloudflare_page_rule: Add support forcache_key_fieldsPage Rule action (#662)
Fixes:
resource/cloudflare_zone_settings_override: Fix regression where if you didn't have universal SSL settings defined, it would error when setting them (#663)resource/cloudflare_zone: Handle changing zone rate plan from "free" to "enterprise" (#668)resource/cloudflare_record: Update validation to allow PTR records (9a8fd43)
Improvements:
resource/cloudflare_zone_settings_override: Adduniversal_sslto control enablement of Universal SSL on a zone (#658)- provider: API keys and API tokens are now validated to help differentiate incorrect usage before making API calls (#661)
resource/cloudflare_logpush_job: Add support for "firewall_events" dataset parameter (#660)resource/cloudflare_logpush_job: Add support for "dataset" parameter (#649)resource/cloudflare_zone_settings_override: Removeedge_cache_ttl(#654)resource/cloudflare_access_group: Allow Access conditions forinclude/require/excludeto be used consistently between Access Groups and Access Policies (#646)
Fixes:
resource/cloudflare_logpush_job: fix forstrconv.Atoi: parsing ""error while creating Logpush job
Improvements:
resource/cloudflare_zone_settings_override: Updateimage_resizingoptions to include"open"(#639)
Fixes:
resource/cloudflare_access_group: Fixed misspelt Okta in JSON payload (cloudflare/cloudflare-go#440)
Improvements:
resource/cloudflare_access_policy: Add support forservice_tokenandany_valid_service_token(#612)resource/cloudflare_waf_group: Handle WAF group deletions in the API responses (#623)resource/cloudflare_waf_package: Handle WAF package deletions in the API responses (#623)resource/cloudflare_waf_rule: Handle WAF rule deletions in the API responses (#623)resource/cloudflare_access_policy: Add support forgroup(#626)resource/cloudflare_firewall_rule: Add support for bypassing specificproducts(#630)resource/cloudflare_spectrum_application: Add support foredge_ips,argo_smart_routingandedge_ip_connectivity(#631)resource/cloudflare_access_group: Add support for using external providers (gsuite,github,azure,okta,saml,mTLS certificate,common name) (#633)
Improvements:
resource/cloudflare_logpush_job: SupportImporton the resource (#618)
Fixes:
resource/cloudflare_record: Missing CAA in DNS validation (#619)
Improvements:
resource/cloudflare_record: Stricter validation for record types (#610)resource/logpush_job: Add more verbose error handling (#564)resource/zone_settings_override: Update documentation forcache_levelvalues (#606)resource/access_application: Add documentation for available attributes (#587)resource/cloudflare_firewall_rule: Add support for bypassing security configuration rules by URL (#568)resource/cloudflare_record_migrate: Usezone_idfor state migration before attempting to usedomain(#566)resource/cloudflare_load_balancer: Updatesession_affinityvalidation to allow"ip_cookie"(#573)datasource/ip_ranges: Update documentation to show 0.12 syntax (#617)
Fixes
resource/zone_settings_override: Handle individual zone settings withinDeleteoperations (#599)
- New Resource:
cloudflare_origin_ca_certificate(#547)
Fixes:
resource/cloudflare_zone_settings_override: Renamed0rtttozero_rttto conform to HCL grammar requirements (#557)
Improvements:
resource/cloudflare_access_rule: Addip6as valid option (#560)resource/cloudflare_spectrum_application: Swapproxy_protocolto string field with supporting enum values instead (#561)resource/cloudflare_waf_rule: Addpackage_idas valid option and exportgroup_id(#552)
Improvements:
resource/cloudflare_zone_settings_override: Addnon_identityto alloweddecisionschema (#541)resource/cloudflare_zone_settings_override: Add support for0rttandhttp3settings (#542)resource/cloudflare_load_balancer_monitor: Allow empty string forexpected_body(#539)resource/cloudflare_worker_script: Add support for Worker KV Namespace Bindings (#544)data_source/waf_rules,resource/cloudflare_waf_rule, Support allowed modes for WAF Rules (#550)
Fixes:
resource/cloudflare_spectrum_application: Spectrum origin_port is optional (#549)
- New datasource:
cloudflare_waf_rules(#525)
Improvements:
resource/cloudflare_zone: Exposeverification_keyfor partial setups (#532)resource/cloudflare_worker_route: Enable API Tokens support from upstream cloudflare-go release
- New Resource:
cloudflare_access_service_tokens(#521) - New Resource:
cloudflare_waf_package(#475) - New Resource:
cloudflare_waf_group(#476) - New datasource:
cloudflare_waf_groups(#508) - New datasource:
cloudflare_waf_packages(#509)
Fixes:
resource/cloudflare_page_rule: Seth2_prioritizationindividually not via bulk endpoint (#493)resource/cloudflare_zone_settings_override: Setzone_idto prevent unnecessary re-creation of resources (#502)
Improvements:
resource/cloudflare_spectrum_application: Add support for settingtraffic_type(#481)resource/cloudflare_zone_settings_override: Update documentation with default values (#498)
Internals:
- Migrated to Terraform plugin SDK (#489)
Breaking changes:
provider/cloudflare:- renamed
tokentoapi_key - renamed
org_idtoaccount_id - removed
use_org_from_zone, you need to explicitly specifyaccount_id - Environment variables:
- renamed
CLOUDFLARE_TOKENtoCLOUDFLARE_API_TOKEN - renamed
CLOUDFLARE_ORG_IDtoCLOUDFLARE_ACCOUNT_ID - removed
CLOUDFLARE_ORG_ZONE, you need to explicitly specifyCLOUDFLARE_ACCOUNT_ID - Changed the following resources to require Zone ID:
cloudflare_access_rulecloudflare_filtercloudflare_firewall_rulecloudflare_load_balancercloudflare_page_rulecloudflare_rate_limitcloudflare_recordcloudflare_waf_rulecloudflare_worker_route"cloudflare_zone_lockdowncloudflare_zone_settings_override- Workers single-script support removed
Please see Version 2 Upgrade Guide for details.
Improvements:
cloudflare/resource_cloudflare_argo: Handle errors when fetching tiered caching + smart routing settings (#477)- Various documentation updates for 0.12 syntax
Fixes:
resource/cloudflare_load_balancer: Markzoneas Computed to allow deprecations (#462)resource/cloudflare_page_rule: Markzoneas Computed to allow deprecations (#462)resource/cloudflare_rate_limit: Markzoneas Computed to allow deprecations (#462)resource/cloudflare_waf_rule: Markzoneas Computed to allow deprecations (#462)resource/cloudflare_worker_route: Markzoneas Computed to allow deprecations (#462)resource/cloudflare_worker_script: Markzoneas Computed to allow deprecations (#462)resource/cloudflare_zone_lockdown: Markzoneas Computed to allow deprecations (#462)
Fixes:
resource/cloudflare_page_rule: Fix a logic condition where settingedge_cache_ttlaction but then not updating it in subsequentapplyruns causes it to be blown away (#453)
Improvements:
- provider: You can now use API tokens to authenticate instead of user email and key (#450)
resource/cloudflare_zone_lockdown:prioritycan now be set on the resource (#445)resource/cloudflare_custom_ssl: Updated website documentation navigation to include link for resource (#442))
Deprecations:
resource/cloudflare_access_rule:zonehas been superseded by usingzone_id(#452)resource/cloudflare_filter:zonehas been superseded by usingzone_id(#452)resource/cloudflare_firewall_rule:zonehas been superseded by usingzone_id(#452)resource/cloudflare_load_balancer:zonehas been superseded by usingzone_id(#452)resource/cloudflare_page_rule:zonehas been superseded by usingzone_id(#452)resource/cloudflare_rate_limit:zonehas been superseded by usingzone_id(#452)resource/cloudflare_waf_rule:zonehas been superseded by usingzone_id(#452)resource/cloudflare_worker_route:zonehas been superseded by usingzone_id(#452)resource/cloudflare_worker_script:zonehas been superseded by usingzone_id(#452)resource/cloudflare_zone_lockdown:zonehas been superseded by usingzone_id(#452)
Fixes:
- Partially revert [#421] deprecation messages
Removals:
resource/cloudflare_zone_settings_override:sha1_supporthas been removed due to Cloudflare no longer supporting SHA1 certificates or the API endpoint (#415)
Deprecations:
resource/cloudflare_zone_settings_override:tls_1_2_onlyhas been superseded by usingmin_tls_versioninstead (#405)resource/cloudflare_access_rule:zonehas been superseded by usingzone_id(#421)resource/cloudflare_filter:zonehas been superseded by usingzone_id(#421)resource/cloudflare_firewall_rule:zonehas been superseded by usingzone_id(#421)resource/cloudflare_load_balancer:zonehas been superseded by usingzone_id(#421)resource/cloudflare_page_rule:zonehas been superseded by usingzone_id(#421)resource/cloudflare_rate_limit:zonehas been superseded by usingzone_id(#421)resource/cloudflare_waf_rule:zonehas been superseded by usingzone_id(#421)resource/cloudflare_worker_route:zonehas been superseded by usingzone_id(#421)resource/cloudflare_worker_script:zonehas been superseded by usingzone_id(#421)resource/cloudflare_zone_lockdown:zonehas been superseded by usingzone_id(#421)
Improvements:
- New Resource:
cloudflare_custom_ssl(#418) resource/cloudflare_filter: Strip all surrounding whitespace from filter expressions to match API responses (#361)resource/cloudflare_zone: Support unicode zone name values (#412)resource/cloudflare_page_rule: Allow settingorigin_pullfor SSL (#430)resource/cloudflare_load_balancer_monitor: Add TCP support for load balancer monitor (#428)
Fixes:
resource/cloudflare_logpush_job: Update documentation (#395)resource/cloudflare_zone_lockdown: Fix: examples in documentation (#407)resource/cloudflare_page_rule: Set nil on changed string-based Page Rule actions
Fixes:
resource/cloudflare_page_rule: Fix regression inbrowser_cache_ttlwhere the value was sent as a string instead of an integer to the remote (#390)
Improvements:
resource/cloudflare_zone_settings_override: Add support forh2_prioritizationandimage_resizing(#381)resource/cloudflare_load_balancer_pool: Update IP range for tests to not use reserved ranges (#369)
Fixes:
resource/cloudflare_page_rule: Fix issues withbrowser_cache_ttldefaults and when value is0(for Enterprise users) (#379)
- The provider is now compatible with Terraform v0.12, while retaining compatibility with prior versions. (#309)
Improvements:
- New Resource:
cloudflare_argoManage Argo features (#304) cloudflare_zone: Support management of partial zones (#303)cloudflare_rate_limit: Updatemodesdocumentation (#293)cloudflare_load_balancer: Allow steering policy of "random" (#329)
Fixes:
cloudflare_page_rule- Allow settingbrowser_cache_ttlto 0 (#293)cloudflare_page_rule- Swap to completely replacing rules (#338)
Improvements
- New Resource:
cloudflare_logpush_job(#287) cloudflare_zone_settings- Remove option to togglealways_on_ddos(#253)cloudflare_page_rule- Update documentation to clarify "0" usagecloudflare_zones- Return zone ID and zone name (#275)cloudflare_load_balancer- Addenabledfield (#208)cloudflare_record- validators: Allow PTR DNS records (#283)
Fixes:
cloudflare_custom_pages- Use correct casing forzone_idlookupscloudflare_rate_limit- Makecorrelateoptional and not flap in state management (#271)cloudflare_spectrum_application- Fixed integration tests to work (#275)cloudflare_page_rule- Better track field changes inactionsresource. (#107)
Improvements:
- provider: Enable request/response logging (#212)
- resource/cloudflare_load_balancer_monitor: Add validation for
port(#213) - resource/cloudflare_load_balancer_monitor: Add
allow_insecureandfollow_redirects(#205) - resource/cloudflare_page_rule: Updated available actions documentation to match what is available (#228)
- provider: Swap to using go modules for dependency management (#230)
- provider: Minimum Go version for development is now 1.11 (#230)
Fixes:
- resource/cloudflare_record: Read
databack from API correctly (#217) - resource/cloudflare_rate_limit: Read
correlateback from API correctly (#204) - resource/cloudflare_load_balancer_monitor: Fix incorrect type cast for
port(#213) - resource/cloudflare_load_balancer: Make
steering_policycomputed to avoid spurious diffs (#214) - resource/cloudflare_load_balancer: Read
session_affinityback from API to make import work & detects drifts (#214)
Improvements:
- New Resource:
cloudflare_spectrum_app(#156) - New Data Source:
cloudflare_zones(#168) cloudflare_load_balancer_monitor- Add optionalportparameter (#179)cloudflare_page_rule- Improved documentation forpriorityattribute (#182], missingexplicit_cache_control[#185)cloudflare_rate_limit- Addchallengeandjs_challengerate-limit modes (#172)
Fixes:
cloudflare_page_rule- Page rulezoneattribute change to trigger new resource (#183)
Improvements:
cloudflare_zone_settings_override- Addopportunistic_onionzone setting support (#170)cloudflare_zone- Add ability to set zone plan (#160)
Fixes:
cloudflare_zone- Allow zones to be properly imported (#157)cloudflare_access_policy- Match access_policy argument requisites with reality (#158)cloudflare_filter- Allowzone_idto setzoneand vice versa (#162)cloudflare_firewall_rule- Allowzone_idto setzoneand vice versa (#174)cloudflare_access_rule- Ensurezoneandzone_idare always set (#175)- Minor documentation fixes
Improvements:
- New Resource:
cloudflare_access_application(#145) - New Resource:
cloudflare_access_policy(#145) cloudflare_load_balancer- Add steering policy support (#147)cloudflare_load_balancer- Supportsession_affinity(#153)cloudflare_load_balancer_pool- Supportweight(#153)
Fixes:
cloudflare_record- Compare name without the zone name (#151)- Minor documentation fixes (#149] [#152)
Improvements:
- New Resource:
cloudflare_zone(#58) - New Resource:
cloudflare_custom_pages(#132) cloudflare_zone_settings_override- Allow setting SSL level to Strict (SSL-Only Origin Pull) (#122)- Update provider usage/build docs and how to update a dependency (#138)
- Improve
Building The Providerinstructions (#143) cloudflare_access_rule- Make importable for all rule types (#141)cloudflare_load_balancer_pool- ImplementUpdate(#140)
Fixes:
cloudflare_rate_limit- Documentation fixes for markdown where _ALL_ is italicized (#125)cloudflare_worker_route- Correctly setmulti_scripton Enterprise worker imports (#124)account_member- Ignore role ID ordering (#128)cloudflare_rate_limit- Origin traffic isn't default anymore (#130)cloudflare_rate_limit- Update rate limit validation to allow1(#129)cloudflare_record- Add validation to ensure TTL is not set whileproxiedis true (#127)- Updated code for provider version in User-Agent
cloudflare_zone_lockdown- Fix import of zone lockdowns (#135)
Improvements:
- New Resource:
cloudflare_account_member(#78)
Improvements:
- New Resource:
cloudflare_filter - New Resource:
cloudflare_firewall_rule
Improvements:
- New Resource:
cloudflare_zone_lockdown(#115)
Fixes:
- Send User-Agent header with name and version when contacting API
cloudflare_page_rule- Fix page rule polish (off, lossless or lossy) (#116)
Improvements:
Improvements:
- New Resource:
cloudflare_access_rule(#64)
Fixes:
cloudflare_zone_settings_override- Change Zone Settings Override to use GetOkExists (#107)
Improvements:
- New Resource:
cloudflare_waf_rule(#98) cloudflare_zone_settings_override- Addoffas Security Level setting (#99)resource_cloudflare_rate_limit- Add nat support (#96)resource_cloudflare_zone_settings_override- Addzrtas a value for thetls_1_3setting (#106)- Minor documentation improvements
Fixes:
cloudflare_record- Setting a DNS record'sproxiedflag to false stopped working (#103)
FIXES:
cloudflare_ip_ranges- IPv6 CIDR blocks should return IPv6 addresses (#51)cloudflare_zone_settings_override- Allow0forbrowser_cache_ttl(#71)cloudflare_page_rule-forwarding_urlsin page rules are lists (#79)cloudflare_page_rule- The API supportsactiveanddisabled, notpaused(#84)
IMPROVEMENTS:
cloudflare_zone_settings_override- Add support formin_tls_version(#72)cloudflare_page_rule- Add support for more settings:bypass_cache_on_cookie,cache_by_device_type,cache_deception_armor,cache_on_cookie,host_header_override,polish,explicit_cache_control,origin_error_page_pass_thru,sort_query_string_for_cache,resolve_override,respect_strong_etag,response_buffering,true_client_ip_header,mirage,disable_railgun,cache_key,waf,rocket_loader,cname_flattening(#68], [#81], [#85)cloudflare_page_rule- Addoffsetting tosecurity_level(#81)cloudflare_record- DNS Record improvements (#97)- Various documentation improvements
BACKWARDS INCOMPATIBILITIES / NOTES:
- resource/cloudflare_record: Changing
nameordomainnow force a recreation of the record (#29)
FEATURES:
- New Resource:
cloudflare_rate_limit(#30) - New Resource:
cloudflare_page_rule(#38) - New Resource:
cloudflare_load_balancer(#40) - New Resource:
cloudflare_load_balancer_pool(#40) - New Resource:
cloudflare_zone_settings_override(#41) - New Resource:
cloudflare_load_balancer_monitor(#42) - New Data Source:
cloudflare_ip_ranges(#28)
IMPROVEMENTS:
- resource/cloudflare_record: Validate
TXTrecords (#14) - resource/cloudflare_record: Add
datainput to suppport SRV, LOC records (#29) - resource/cloudflare_record: Add computed attributes
created_on,modified_on,proxiable, andmetadatato records (#29) - resource/cloudflare_record: Support import of existing records (#36)
- New Provider configuration options for API rate limiting (#43)
- New Provider configuration options for using Organizations (#40)
NOTES:
- Same functionality as that of Terraform 0.9.8. Repacked as part of Provider Splitout