mirror of
https://github.com/cloudflare/terraform-provider-cloudflare.git
synced 2026-01-11 19:56:37 +00:00
7877ed398a
* fix(cloudflare_list_item) redirect source_url path validation
* codegen metadata
* chore: remove skips
* fix: ci workflows
* fix: don't announce to discord
* fix: discord failure
* Update access identity provider test, service token test, and plan
modifiers
* codegen metadata
* feat: modernize healthcheck tests
* feat(cloudflare_list): add nested set list items
* feat(cloudflare_list): add nested list items to data source
* feat: modernize notification_policy_webhooks tests
* codegen metadata
* docs(cloudflare_list) add nested items warning
* feat(ruleset): validate action parameters are used with correct action
This ensures we catch these validation errors during planning, which
avoids misleading errors from the API during applies.
* fix: state
* chore: tests
* chore(account_member): update acceptance tests
Modernized test patterns:
- uses `ConfigStateChecks` with `statecheck.ExpectKnownValue()`
- added `ConfigPlanChecks` with `plancheck.ExpectResourceAction()`
Improved coverage:
- added plan validation for `RolesUpdate` to ensure only intended fields change
- added no-op plan checks to `RolesVsPolicies` for stable state validation
- modernized `Policies` with detailed nested attribute validation
- added CRUD test for a full lifecycle test with Create -> Update -> Import flow
Wasn't able to get sweepers to work.
* fix: zero trust migrations
* feat: modernize r2_bucket tests
* fix: zero_trust_device_custom_profile sweeper
* chore(api_token): update acceptance tests
Modernized test patterns:
- uses `ConfigStateChecks` with `statecheck.ExpectKnownValue()`
- adds `ConfigPlanChecks` with `plancheck.ExpectResourceAction()`
Handle deletes better:
- adds `CheckDestroy`
- adds sweeper
- adds CRUD test (Create, Read, Update, Delete, and Import)
- fixes client API usage to use `SharedClient()` and User.Tokens endpoints
* chore(account): update acceptance tests
Modernized test patterns:
- uses `ConfigStateChecks` with `statecheck.ExpectKnownValue()`
- adds `ConfigPlanChecks` with `plancheck.ExpectResourceAction()`
- adds import state tests
Handle deletes better:
- adds `CheckDestroy`
- adds sweeper
- adds CRUD test (Create, Read, Update, Delete, and Import)
- fixes client API usage to use `SharedClient()` and User.Tokens endpoints
* chore(account_token): update acceptance tests
Modernized test patterns:
- uses `ConfigStateChecks` with `statecheck.ExpectKnownValue()`
Improved coverage:
- adds `ImportState*` checks
Wasn't able to get sweepers to work.
* chore(account_member): remove bad test
* fix: zero_trust_access_mtls_certificate acceptance tests
* feat: modernize zero_trust_dlp_entry tests
* fix: required field ttl
* feat: add migration tool support for cloudflare_snippet
* feat: add migration tool support for cloudflare_snippet_rules
* fix(migrate): custom_pages state migrations
Previously state migrations for v4 -> v5 took place using state upgraders which
would have been problematic for existing v5 users. This patch updates the
migrate tool to fully handle `custom_pages` migrations for both config and
state.
- adds state migration for `custom_pages` to `cmd/migrate`
- adds tests for new state migration in `cmd/migrate`
- replaces _implicit_ migration tests with _explicit_ migration tests using
`cmd/migrate`
* fix: zero trust access mtls certificate acceptance tests
* feat: modernize zero_trust_dlp_custom_profile tests
* fix: zero trust access indetity provider migration
* fix: fix zero_trust_dlp_entry acceptance tests
* chore: increase parallel jobs
* KV-1751: Add namespace rename check
* fix: state test
* KV-1750: Add KV metadata test
* KV-1750: Add import test
* KV-1750: Remove duplicated withAccountId test
AccountIds are required. Existing test was using the same terraform file
* spectrum_application: add v5 test for port ranges
* spectrum_application: migration from v4->v5
* spectrum_application: fix test data to be more representative, migrate state using cmd/migrate
* chore: ci tests dependencies and job tracking
* chore(cloudflare_list) add acceptance test for null items
* chore: run goimport
* chore: enable more ci tests
* spectrum_application: update structure of tests
* fix: fix snippets tests
* fix: run spinnets in sequence
* feat(zone): add v4 -> v5 migrations
Implements config and state migrations for `cloudflare_zone`.
- removes all grit patterns
- migrates config and state to its new shape:
- rename attribute `zone` -> `name`
- rename and restructure attribute `account_id` -> `account = { id = "..." }`
- remove jump_start (no v5 equivalent)
- remove plan (becomes computed-only)
- adds tests for migration tooling
* feat: modernize zero_trust_list tests
* chore(zone): add migration tests
Tests required transformations
- `zone` -> `name` attribute rename
- `account_id` -> account = { id = "..." } nested object
- `jump_start` attribute removal
- `plan` attribute removal (becomes computed)
Handles edge cases
- unicode domain names
- different zone types (full, partial, secondary)
- complex expressions and variables
- multiple zones in same configuration
- vanity name servers
- meta field structure changes
* feat(migrate): support migrations for workers_route and workers_script
Adds migration support for `workers_route` and `workers_script`.
- uses `cmd/migrate` for source and state migrations
- handles both singular and plural versions from v4 (`workers_...` vs `worker_...`)
- handles attribute renames
- `workers_route`: `script_name` → `script`
- `workers_script`: `name` → `script_name`
* refactor(migrate): add resource rename support to workers_route and workers_script
Handle `cloudflare_worker_route` -> `cloudflare_workers_route` and
`cloudflare_worker_script` -> `cloudflare_workers_script` resource renames
* feat(migrate): add comprehensive workers cross-resource reference support
Handle resource type and attribute renames in cross-resource references:
- `cloudflare_worker_script.foo.name` -> `cloudflare_workers_script.foo.script_name`
- `cloudflare_worker_route.bar.script_name` -> `cloudflare_workers_route.bar.script`
* feat(migrate): implement comprehensive workers_script v4→v5 bindings migration
Handles binding transformations:
- converts v4 binding blocks to v5 bindings list
- transform bindings:
- `plain_text`
- `kv_namespace`
- `secret_text`
- `r2_bucket`
- `queue`
- `d1_database`
- `analytics_engine`
- `service`
- `webassembly
- removes old `binding` blocks from config ("unsupported block type" errors)
- adds state transformation for v4 → v5
- cleans up incompatible v4 attributes:
- `dispatch_namespace
- `hyperdrive_config_binding
- `module`
- fixes `placement` attribute format from array `[]` to object `{}`
Adds test for migrations
- adds migration tests
* fix(workers_script): resolve binding order infinite loop in v5 provider
Fixes a provider bug where bindings were constantly reordered causing infinite
plan diffs. Root cause was `UpdateSecretTextsFromState` iterating through API
response order instead of preserving state order.
Provider changes:
- fix `UpdateSecretTextsFromState` to iterate through state elements first
- preserve user-intended binding ordering from configuration
- add new elements from API that weren't in state (append at end)
Migration changes:
- remove alphabetical sorting from state transformation (no longer needed)
- add d1_database_binding → d1 type mapping
- add hyperdrive_config_binding → hyperdrive type mapping
- add migration tests for d1/hyperdrive binding transformations
* feat(migrate): implement remaining workers_script binding migration fixes
`webassembly_binding` handling:
- remove webassembly_binding from supported binding types
- generate migration warning when encountered in config
- explain that WASM modules must be bundled into script content
`binding` attribute renames:
- implement database_id → id mapping for d1_database_binding
- add renameBindingAttributes for state transformation
- add renameBindingAttribute for config transformation
Test:
- add webassembly_binding warning test case
- update d1 test to expect "id" instead of "database_id"
* refactor(migrate): clean up duplicate bindings maps
* fix(migrate): implement workers_secret cross-resource migration to secret_text bindings
The existing migration incorrectly tried to rename cloudflare_workers_secret to
cloudflare_workers_secret, but v5 doesn't have workers_secret at all.
Now properly migrates workers_secret resources to secret_text bindings within
their corresponding workers_script resources:
- collect workers_secret resources by script_name + account_id
- merge as secret_text bindings into matching workers_script resources
- handle both config and state transformation
- remove workers_secret resources completely after migration
- add migration tests for commont scenarios
* fix(migrate): implement dispatch_namespace attribute to binding migration
The existing migration incorrectly deleted dispatch_namespace instead of
transforming it to v5's unified bindings system.
Now properly migrates dispatch_namespace from v4 attribute to v5 binding:
- transform dispatch_namespace = "value" → `bindings = [{type =
"dispatch_namespace", namespace_id = "value"}]`
- merge with existing bindings when present
- handle both config and state transformation
- add manual migration warnings for complex expressions (variables, references)
* fix(migrate): implement module attribute to main_module/body_part migration
The existing migration incorrectly deleted module instead of transforming
it to v5's ES module vs Service Worker syntax attributes.
Properly migrates module boolean to appropriate v5 attributes:
- transforms `module = true → main_module = "worker.js"` (ES Module syntax)
- transforms `module = false → body_part = "worker.js"` (Service Worker syntax)
- handles both config and state transformation
- adds manual migration warnings for unparseable values
* fix(migrate): add missing hyperdrive binding attribute renames
The existing hyperdrive binding migration was missing attribute renames,
causing incorrect v4→v5 transformations.
This patch ensures we properly rename hyperdrive binding attributes:
- transforms `binding → name` in both config and state
- transforms `id → binding_id` in both config and state
- fixes test to use correct v4 attribute names (binding/id vs name/binding_id)
* fix(workers_script): get tests passing again
Remove unsupported features in v5
- removes tags from state
- removes dispatch_namespace from state
Handle resource renames (again)
- reimplements singular-to-plural renames
Updates tests to pass:
- fixes workers_route tests to include workers_scripts it depends on
* chore(workers_script): add lots of missing bindings tests
* fix(workers_script): fix/improve bindings tests
* fix(migrate): correct module transformation and clean up dead code tests
Fixes module attribute transformation to properly implement v4→v5 migration
per PR feedback instead of incorrectly deleting the attribute.
Migration changes:
- fix `transformModule()` to actually transform boolean values:
- `module = true` → `main_module = "worker.js"` (ES Module syntax)
- `module = false` → `body_part = "worker.js"` (Service Worker syntax)
- fix `transformModuleInState()` with same transformation logic for JSON state
- remove dead dispatch_namespace test cases (correctly deleted, not transformed)
- fix hyperdrive test expectation: `binding_id` → `id` to match implementation
* chore(workers_script): remove unused tests
* chore: remove grit
* fix: migrations for config and state
* feat: migration tests
* fix: prevent resource type corruption in workers_secret state migration
Replace array filtering/reconstruction with individual deletion to avoid
type corruption when removing workers_secret resources from state. The
previous approach using resource.Value() and sjson.Set() was corrupting
resource types during JSON reconstruction.
* fix: prevent resource type corruption in workers_secret state migration
Replace array filtering/reconstruction with individual deletion to avoid
type corruption when removing workers_secret resources from state. The
previous approach using resource.Value() and sjson.Set() was corrupting
resource types during JSON reconstruction.
* feat: migrate list with embedded items from v4 to v5
* feat: handle list items in v4
* chore: remove grit for lists
* feat: merge items into list
* feat: migration tests
* chore: remove files that are not needed
* fix: dynamic blocks and tests
* fix: tiered cache test
* fix: dns record empty states
* chore: add migration tool support for load_balancer and load_balancer_pool
* fix: dynamic 'origins' blocks migrations
* fix: tests
* fix: comment_modified_on drift in DNS records
Co-authored-by: Vaishak Dinesh <vaishakpdinesh@gmail.com>
* fix(workers_script): referenced attribute renames (#6136)
When migrating from v4 -> v5, references to `workers_script.name` weren't being
correctly renamed due to a faulty lookup map.
- updates `resourceTypeRenames` (lookup map) to include v4 and v5 resource
names
- updates conditional in `renameWorkerAttribute` to include v5 resource names
- adds test for partial migration cases
* fix: broken test data and block attribute conversion (#6138)
* feat: add 'ruleset' support in migration tool (#6104)
* feat: add 'ruleset' support in migration tool
* chore: add more migration tests for ruleset and fix block attribute migrations
* chore: fix action_paramters attribute for ruleset migrations
* fix: inconsistent apply Issue #6076 (#6139)
* chore: sequence magic tests (#6145)
* chore: remove the magic resources
* chore: run magic in its own step
* codegen metadata
* chore: fix list item state migration (#6146)
* feat(internal): support CustomMarshaler interface for encoding types
* feat: Merge branch 'vaishak/bump-sdk-version' into 'main'
chore: bump go sdk version
See merge request cloudflare/sdks/cloudflare-config!120
* feat(migrate): fix load_balancer migration test (#6148)
* fix: snippet and load balancer migration tests (#6149)
* fix: snippet tests
* fix: load balancer tests
* chore: run certain tests sequentially
* chore: cleanup
* chore: revert metadata
* fix: snippet unit test
* chore: schema version is set by grit
* chore: retry tests (#6150)
* fix: resolve race condition in zero_trust_access_mtls_hostname_settings migration tests (#6152)
Add cleanup function to clear MTLS certificates and hostname settings before
each
migration test to prevent 'previous certificate settings still being updated'
errors.
The cleanup ensures certificates are disassociated from hostnames before
deletion,
matching the approach used in acceptance tests.
Also updates provider version constraint from ~> 4.0 to 4.52.1 for
consistency
with other migration tests.
* fix: more roboust retry logic for certificate tests (#6154)
* fix: skip acceptance tests in unit test scope (#6155)
* chore: increase retries (#6156)
* chore: grit to go (#6143)
* feat: grit to go
chore: sunset up grit
chore: transformations to download config from github
chore: zone settings migrations should not generate import statements
Revert "chore: sunset up grit"
This reverts commit ffed79063a848104099558fd756ae5eb6767e9b0.
chore: recursive directory scan
chore: fix zero trust access policy transformation
chore: revert grit change
chore: revet zone settings change
* chore: put no-grit migration behind flag
* chore: fix transformation source (#6157)
* fix: nil dereference in `cloudflare_workers_script` resource (#6158)
Fixes #6147
* chore: revert grit to go (#6159)
* Revert "chore: fix transformation source (#6157)"
This reverts commit 6cc2cfb2b2.
* Revert "chore: grit to go (#6143)"
This reverts commit 548f097441.
* chore: skip mconn test (#6161)
* release: 5.10.0
---------
Co-authored-by: Brad Swenson <bswenson@cloudflare.com>
Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>
Co-authored-by: Vaishak Dinesh <vaishak@cloudflare.com>
Co-authored-by: Vaishak Dinesh <vaishakpdinesh@gmail.com>
Co-authored-by: Alex Holland <aholland@cloudflare.com>
Co-authored-by: Tamas Jozsa <tamas@cloudflare.com>
Co-authored-by: Tamás Józsa <jtomi92@gmail.com>
Co-authored-by: Zak Cutner <zak@cloudflare.com>
Co-authored-by: Mike Girouard <mgirouard@cloudflare.com>
Co-authored-by: Musa Jundi <musa@cloudflare.com>
Co-authored-by: Pedro Leal <pleal@cloudflare.com>
Co-authored-by: Michael Girouard <206137+mgirouard@users.noreply.github.com>
Co-authored-by: Nicky Semenza <nicky@cloudflare.com>
Co-authored-by: David Ackerman <david.w.ackerman@gmail.com>
Co-authored-by: Cina Saffary <cina@cloudflare.com>
52 lines
1.5 KiB
YAML
52 lines
1.5 KiB
YAML
# yaml-language-server: schema=https://goreleaser.com/static/schema.json
|
|
version: 2
|
|
builds:
|
|
- env:
|
|
# goreleaser does not work with CGO, it could also complicate
|
|
# usage by users in CI/CD systems like Terraform Cloud where
|
|
# they are unable to install libraries.
|
|
- CGO_ENABLED=0
|
|
mod_timestamp: "{{ .CommitTimestamp }}"
|
|
flags:
|
|
- -trimpath
|
|
ldflags:
|
|
- "-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}"
|
|
goos:
|
|
- darwin
|
|
- freebsd
|
|
- linux
|
|
- windows
|
|
goarch:
|
|
- amd64
|
|
- arm64
|
|
binary: "{{ .ProjectName }}_v{{ .Version }}"
|
|
hooks:
|
|
post:
|
|
- cp terraform-registry-manifest.json dist/{{ .ProjectName }}_{{ .Version }}_manifest.json
|
|
archives:
|
|
- formats: ["zip"]
|
|
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
|
|
checksum:
|
|
name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS"
|
|
extra_files:
|
|
- glob: "terraform-registry-manifest.json"
|
|
name_template: "{{ .ProjectName }}_{{ .Version }}_manifest.json"
|
|
algorithm: sha256
|
|
signs:
|
|
- artifacts: checksum
|
|
args:
|
|
- "--batch"
|
|
- "--local-user"
|
|
- "{{ .Env.GPG_FINGERPRINT }}"
|
|
- "--output"
|
|
- "${signature}"
|
|
- "--detach-sign"
|
|
- "${artifact}"
|
|
release:
|
|
extra_files:
|
|
- glob: "terraform-registry-manifest.json"
|
|
name_template: "{{ .ProjectName }}_{{ .Version }}_manifest.json"
|
|
changelog:
|
|
disable: true
|
|
snapshot:
|
|
version_template: "{{.ShortCommit}}-dev"
|