chore(deps): update terraform cloudflare to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudflare (source)	required_provider	major	3.14.0 -> 4.36.0

---

Release Notes

cloudflare/terraform-provider-cloudflare (cloudflare)

v4.36.0

Compare Source

NOTES:

• resource/zone_settings_override: deprecate mobile_redirect setting and include state migration to remove from local state. You should immediately remove the configuration from the resource to prevent permadiffs. (#​3337)

ENHANCEMENTS:

• resource/cloudflare_access_application: Support configuring OIDC SaaS access token lifetime (#​3353)

BUG FIXES:

• resource/cloudflare_list_item: fix crash when not using type = "redirect" due to attempting to compare nil (#​3368)
• resource/cloudflare_list_item: implement exact match for IP values to prevent overlapping IP prefixes from not being found (#​3368)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.18 to 1.27.19 (#​3360)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.19 to 1.27.20 (#​3362)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.20 to 1.27.21 (#​3364)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.18 to 1.17.19 (#​3360)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.19 to 1.17.20 (#​3362)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.20 to 1.17.21 (#​3364)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.55.2 (#​3360)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.2 to 1.56.0 (#​3362)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.0 to 1.56.1 (#​3364)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.27.2 to 1.28.0 (#​3360)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.28.0 to 1.29.0 (#​3362)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.29.0 to 1.30.0 (#​3364)
• provider: bump github.com/cloudflare/cloudflare-go from 0.97.0 to 0.98.0 (#​3365)
• provider: bump github.com/cloudflare/cloudflare-go/v2 from 2.2.0 to 2.3.0 (#​3363)
• provider: bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 in /tools (#​3395)

v4.35.0

Compare Source

ENHANCEMENTS:

• resource/cloudflare_access_application: Add Hybrid and Implicit flow support to OIDC SaaS Apps (#​3324)
• resource/cloudflare_access_organization: Fix 'name' being optional (#​3343)
• resource/cloudflare_load_balancer_pool: Add support for virtual_network_id (#​3333)
• resource/cloudflare_teams_account: add support for 'virtual_ip' (#​3321)
• resource/resource_cloudflare_zone: add support for 'vanity_name_servers' (#​3315)

BUG FIXES:

• resource/cloudflare_access_application: Fix bug requiring explicit account_id or zone_id (#​3352)
• resource/cloudflare_access_application: force recreation if SaaS app auth_type is changed (#​3332)
• resource/cloudflare_list_item: handle overlapping redirect source_url (#​3335)
• resource/cloudflare_logpush_job: Mirror API defaults for record_delimiter to include newline (#​3334)
• resource/cloudflare_waiting_room_event: fix panic when trying to import a resource (#​3351)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.17 (#​3339)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.17 to 1.27.18 (#​3350)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.16 to 1.17.17 (#​3339)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.17 to 1.17.18 (#​3350)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.3 to 1.54.4 (#​3339)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.0 to 1.55.1 (#​3350)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.1 (#​3339)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.27.1 to 1.27.2 (#​3350)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.4 to 1.55.0 in the aws group (#​3346)
• provider: bump github.com/cloudflare/cloudflare-go from 0.96.0 to 0.97.0 (#​3347)
• provider: bump github.com/hashicorp/terraform-plugin-framework from 1.8.0 to 1.9.0 (#​3341)
• provider: bump golang.org/x/net from 0.25.0 to 0.26.0 (#​3342)
• provider: bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#​3345)

v4.34.0

Compare Source

FEATURES:

• New Resource: cloudflare_risk_behavior (#​3307)

ENHANCEMENTS:

• resource/cloudflare_access_application: Add support for OIDC refresh tokens, allowing PKCE without client secret, custom claims, and specifying name_by_idp for custom attributes/claims (#​3306)
• resource/cloudflare_access_application: improve validation logic for zone level reusable policies (#​3325)
• resource/cloudflare_access_group: improve validation logic for zone level reusable policies (#​3325)
• resource/cloudflare_ruleset: add support for fonts and disable_rum action parameters (#​3261)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.13 to 1.27.14 (#​3310)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.14 to 1.27.15 (#​3313)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.15 to 1.27.16 (#​3326)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.13 to 1.17.14 (#​3310)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.14 to 1.17.15 (#​3313)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.15 to 1.17.16 (#​3326)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.0 to 1.54.1 (#​3310)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.1 to 1.54.2 (#​3313)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.2 to 1.54.3 (#​3326)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.26.1 to 1.26.2 (#​3310)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.26.2 to 1.27.0 (#​3313)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.2 to 1.54.0 in the aws group (#​3308)
• provider: bump github.com/cloudflare/cloudflare-go from 0.95.0 to 0.96.0 (#​3322)
• provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.33.0 to 2.34.0 (#​3316)
• provider: bump github.com/hashicorp/terraform-plugin-testing from 1.6.0 to 1.8.0 (#​3317)

v4.33.0

Compare Source

ENHANCEMENTS:

• resource/cloudflare_access_application: added support for 'policies' argument (#​3288)
• resource/cloudflare_access_policy: added support for reusable policies (#​3288)
• resource/cloudflare_zone_settings_override: add support for NEL (#​3305)

BUG FIXES:

• resource/cloudflare_list_item: retry list ID fetch operations for the identifiers (#​3303)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.11 to 1.27.12 (#​3295)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.12 to 1.27.13 (#​3301)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.11 to 1.17.12 (#​3295)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.12 to 1.17.13 (#​3301)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.53.2 (#​3295)
• provider: bump bflad/action-milestone-comment from 1 to 2 (#​3299)
• provider: bump github.com/cloudflare/cloudflare-go/v2 from 2.1.0 to 2.2.0 (#​3298)
• provider: bump github.com/hashicorp/terraform-plugin-mux from 0.15.0 to 0.16.0 (#​3296)
• provider: bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (#​3302)

v4.32.0

Compare Source

NOTES:

• resource/cloudflare_rate_limit: This resource is being deprecated in favor of the cloudflare_rulesets resource (#​3279)

ENHANCEMENTS:

• resource/cloudflare_access_application: add support for SCIM provisioning configuration (#​3291)
• resource/cloudflare_access_group: Add the option for email_list to be used in require, include and exclude fields (#​3247)
• resource/cloudflare_device_posture_rules: added support for os_version_extra (#​3281)

BUG FIXES:

• resource/cloudflare_turnstile: Fix error handling corrupting state (#​3284)

DEPENDENCIES:

• provider: bump github.com/cloudflare/cloudflare-go from 0.94.0 to 0.95.0 (#​3294)
• provider: bump github.com/hashicorp/terraform-plugin-go from 0.22.2 to 0.23.0 (#​3289)
• provider: bump golang.org/x/net from 0.24.0 to 0.25.0 (#​3290)
• provider: bump golangci/golangci-lint-action from 5 to 6 (#​3293)

v4.31.0

Compare Source

ENHANCEMENTS:

• resource/cloudflare_access_application: added support for options_preflight_bypass (#​3267)
• resource/cloudflare_dlp_profile: Added support for ocr_enabled field to profiles (#​3224)
• resource/cloudflare_notification_policy: add 'target_ip' atrribute to 'filter' nested block (#​3263)
• resource/cloudflare_teams_account: add custom_certificate setting support (#​3253)
• resource/cloudflare_teams_location: added ecs_support field (#​3264)

BUG FIXES:

• resource/cloudflare_hyperdrive_config: Fix 'HyperdriveID' not included in Update call (#​3251)
• resource/cloudflare_managed_headers: disable header if it is deleted from terraform state (#​3260)
• resource/cloudflare_worker_script: fix namespaced script delete trying to delete from account rather than the namespace (#​3238)

INTERNAL:

• provider: introduce a muxed client to support using cloudflare-go/v0 and cloudflare-go/v2 together (#​3262)

DEPENDENCIES:

• provider: bump github.com/cloudflare/cloudflare-go from 0.93.0 to 0.94.0 (#​3265)
• provider: bump github.com/cloudflare/cloudflare-go/v2 from 2.0.0 to 2.1.0 (#​3274)
• provider: bump github.com/hashicorp/terraform-plugin-framework from 1.5.0 to 1.8.0 (#​3255)
• provider: bump github.com/hashicorp/terraform-plugin-go from 0.21.0 to 0.22.2 (#​3254)
• provider: bump golang.org/x/net from 0.19.0 to 0.23.0 in /tools (#​3258)
• provider: bump golangci/golangci-lint-action from 4 to 5 (#​3271)

v4.30.0

Compare Source

ENHANCEMENTS:

• cloudflare/resource_logpush_job: Add support for page_shield_events (#​3237)
• resource/cloudflare_access_group: added support for common_names rule list type to allow for more than one common_name rule in a policy block (#​3229)
• resource/cloudflare_access_policy: added support for common_names rule list type to allow for more than one common_name rule in a policy block (#​3229)
• resource/cloudflare_ipsec_tunnel: added support for replay_protection (#​3249)

BUG FIXES:

• resource/cloudflare_email_routing_address: Make sure schema is correctly upgraded. (#​3245)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.10 to 1.27.11 (#​3232)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.10 to 1.17.11 (#​3232)
• provider: bump github.com/cloudflare/cloudflare-go from 0.92.0 to 0.93.0 (#​3239)
• provider: bump golang.org/x/net from 0.22.0 to 0.23.0 (#​3225)
• provider: bump golang.org/x/net from 0.23.0 to 0.24.0 (#​3230)

v4.29.0

Compare Source

BREAKING CHANGES:

• data_source/record: Remove locked flag which is always false (#​3220)

ENHANCEMENTS:

• datasource/cloudflare_tunnel: Add the option to filter deleted tunnels (#​3201)
• resource/cloudflare_teams_rule: Add support for resolver policies (#​3198)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.9 to 1.27.10 (#​3222)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.9 to 1.17.10 (#​3222)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.0 to 1.53.1 (#​3222)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.26.0 to 1.26.1 (#​3222)

v4.28.0

Compare Source

ENHANCEMENTS:

• resource/cloudflare_access_application: adds saml_attribute_transform_jsonata` to SaaS applications (#​3187)
• resource/cloudflare_device_posture_rule: update support for new fields for crowdstrike_s2s posture rule. (#​3216)
• resource/cloudflare_ipsec_tunnel: Adds IPsec tunnel health_check_direction & health_check_rate parameters (#​3112)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.8 to 1.27.9 (#​3207)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.8 to 1.17.9 (#​3207)
• provider: bump github.com/cloudflare/cloudflare-go from 0.90.0 to 0.91.0 (#​3208)
• provider: bump github.com/cloudflare/cloudflare-go from 0.91.0 to 0.92.0 (#​3218)

v4.27.0

Compare Source

FEATURES:

• New Resource: cloudflare_access_mutual_tls_hostname_settings (#​3173)
• New Resource: cloudflare_hyperdrive_config (#​3111)

ENHANCEMENTS:

• resource/cloudflare_dlp_profile: Added support for context_awareness field to profiles (#​3158)
• resource/cloudflare_logpush_job: Add output_options parameter (#​3171)
• resource/cloudflare_notification_policy: Implement the airport_code filter (#​3183)
• resource/cloudflare_worker_script: Add dispatch_namespace to support uploading to a Workers for Platforms namespace (#​3154)
• resource/cloudflare_worker_script: Add tags to support tagging Workers for Platforms Workers (#​3154)

BUG FIXES:

• resource/cloudflare_access_application: Add Sensitive to oidc client_secret and preserve client_secret across apply (#​3168)
• resource/cloudflare_list_item: fix id parsing for imports (#​3191)
• resource/cloudflare_logpush_job: only set the value in state when it is defined (#​3188)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.6 to 1.27.7 (#​3172)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.7 to 1.27.8 (#​3197)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.6 to 1.17.7 (#​3172)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.7 to 1.17.8 (#​3197)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.3 to 1.51.4 (#​3172)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.4 to 1.52.0 (#​3182)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.52.0 to 1.52.1 (#​3190)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.52.1 to 1.53.0 (#​3197)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.2 to 1.25.3 (#​3172)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 (#​3197)
• provider: bump github.com/cloudflare/cloudflare-go from 0.89.0 to 0.90.0 (#​3178)
• provider: bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /tools (#​3180)
• provider: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​3181)

v4.26.0

Compare Source

FEATURES:

• New Data Source: cloudflare_dlp_datasets (#​3135)

ENHANCEMENTS:

• resource/cloudflare_access_application: adds name_id_transform_jsonata to SaaS applications (#​3132)

BUG FIXES:

• resource/cloudflare_access_application: Fix issue with sending allow_authenticate_via_warp on updates when it is not provided (#​3140)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.1 to 1.27.2 (#​3136)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.2 to 1.27.3 (#​3138)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.3 to 1.27.4 (#​3141)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.5 (#​3159)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.5 to 1.27.6 (#​3161)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.1 to 1.17.2 (#​3136)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.2 to 1.17.3 (#​3138)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.3 to 1.17.4 (#​3141)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.4 to 1.17.5 (#​3159)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.5 to 1.17.6 (#​3161)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.2 to 1.50.3 (#​3136)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.3 to 1.51.0 (#​3138)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.0 to 1.51.1 (#​3141)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.51.2 (#​3159)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.51.3 (#​3161)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.0 to 1.25.1 (#​3136)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.25.1 to 1.25.2 (#​3141)
• provider: bump github.com/cloudflare/cloudflare-go from 0.88.0 to 0.89.0 (#​3148)
• provider: bump github.com/hashicorp/terraform-plugin-go from 0.21.0 to 0.22.0 (#​3139)
• provider: bump github.com/hashicorp/terraform-plugin-mux from 0.14.0 to 0.15.0 (#​3149)
• provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.32.0 to 2.33.0 (#​3142)
• provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.32.0 to 2.33.0 (#​3147)
• provider: bump github.com/hashicorp/terraform-plugin-testing from 1.6.0 to 1.7.0 (#​3162)
• provider: bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#​3157)
• provider: bump golang.org/x/net from 0.21.0 to 0.22.0 (#​3160)

v4.25.0

Compare Source

BREAKING CHANGES:

• resource/cloudflare_custom_pages: Removed the always_online variant. This page is never generated anymore, if a requested page is unavailable in the archive the error page that would have been shown if always online wasn't enabled is shown. (#​3117)

ENHANCEMENTS:

• resource/cloudflare_access_application: adds oidc saas application support (#​3133)
• resource/cloudflare_access_application: adds the ability to set allow_authenticate_via_warp. (#​3103)
• resource/cloudflare_access_organization: adds the ability to set allow_authenticate_via_warp and warp_auth_session_duration. (#​3103)
• resource/cloudflare_teams_account: Add support for extended e-mail matching (#​3089)
• resource/cloudflare_teams_accounts: Added notification settings to teams antivirus settings (#​3124)
• resource/pages_project: Add build_caching attribute (#​3110)

BUG FIXES:

• resource/cloudflare_email_routing_address: add schema migrator (#​3119)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.0 (#​3118)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.27.0 to 1.27.1 (#​3134)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.16.16 to 1.17.0 (#​3118)
• provider: bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.0 to 1.17.1 (#​3134)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.49.0 (#​3118)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.49.0 to 1.50.0 (#​3125)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.0 to 1.50.1 (#​3128)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.50.1 to 1.50.2 (#​3134)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.24.1 to 1.25.0 (#​3118)
• provider: bump github.com/cloudflare/cloudflare-go from 0.87.0 to 0.88.0 (#​3122)
• provider: bump golang.org/x/net from 0.20.0 to 0.21.0 (#​3108)
• provider: bump golangci/golangci-lint-action from 3 to 4 (#​3115)

v4.24.0

Compare Source

ENHANCEMENTS:

• datasource/cloudflare_record: Add the option to filter by "content" (#​3084)

BUG FIXES:

• resource/cloudflare_access_application: leave existence error handling checks to the Read operation when performing imports. (#​3075)
• resource/cloudflare_device_settings_policy: updated docs that auto_connect is in seconds, not in minutes (#​3080)
• resource/cloudflare_dlp_profile: fixed plan flapping with DLP custom entries (#​3090)
• resource/email_routing_rule: add schema migration for upgrading 4.22.0 to 4.23.0 (#​3102)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#​3078)
• provider: bump github.com/cloudflare/cloudflare-go from 0.86.0 to 0.87.0 (#​3095)
• provider: bump github.com/google/uuid from 1.5.0 to 1.6.0 (#​3076)
• provider: bump github.com/hashicorp/terraform-plugin-go from 0.20.0 to 0.21.0 (#​3081)
• provider: bump github.com/hashicorp/terraform-plugin-mux from 0.13.0 to 0.14.0 (#​3085)
• provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.31.0 to 2.32.0 (#​3086)
• provider: bump peter-evans/create-or-update-comment from 3 to 4 (#​3079)

v4.23.0

Compare Source

BREAKING CHANGES:

• resource/cloudflare_list_item: include_subdomains is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#​3026)
• resource/cloudflare_list_item: preserve_path_suffix is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#​3026)
• resource/cloudflare_list_item: preserve_query_string is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#​3026)
• resource/cloudflare_list_item: subpath_matching is now a boolean value. If you previously set it to "enabled", you should update your configuration to use true instead or if you set it to "disabled", you should update it to false. The rest will be handled by the internal state migrator. (#​3026)

ENHANCEMENTS:

• resource/cloudflare_access_application: adds the ability to set default_relay_state on saas applications. (#​3053)
• resource/cloudflare_email_routing_address: add ability to import (#​2977)
• resource/cloudflare_email_routing_rule: add ability to import (#​2998)
• resource/cloudflare_notification_policy: Implement the affected_components option (#​3009)

INTERNAL:

• cloudflare_email_routing_rule: migrate to plugin framework (#​2998)
• resource/cloudflare_email_routing_address: migrate to framework provider (#​2977)
• resource/cloudflare_list_item: migrate to plugin framework. Due to this migration, we are removing some workaround field values that were previously in place to account for the known zero value issues in the underlying SDKv2. See the release notes for the end user facing changes that need to be made for the internal state migrator to handle the internals. (#​3026)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.3 to 1.26.4 (#​3065)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.4 to 1.26.5 (#​3071)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.5 to 1.26.6 (#​3074)
• provider: bump actions/cache from 3 to 4 (#​3067)
• provider: bump github.com/cloudflare/cloudflare-go from 0.85.0 to 0.86.0 (#​3066)
• provider: bump github.com/hashicorp/terraform-plugin-framework from 1.4.2 to 1.5.0 (#​3058)

v4.22.0

Compare Source

FEATURES:

• New Resource: cloudflare_worker_secret (#​3035)

ENHANCEMENTS:

• resource/cloudflare_notification_policy: Add tunnel_id filter for tunnel_health_event policies (#​3038)
• resource/cloudflare_worker_script: adds D1 binding support (#​2960)

BUG FIXES:

• cloudflare_notification_policy: revert ExactlyOneOf (#​3032)
• resource/cloudflare_dlp_profile: Prevent misidentified changes in dlp resources (#​3044)
• resource/cloudflare_teams_rule: changed type & validation on the notification settings url (#​3030)
• resource/cloudflare_teams_rules: fix block_page_enabled behaviour (#​3010)
• resource/cloudflare_turnstile_widget: Support empty list of domains (#​3046)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.2 to 1.26.3 (#​3042)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.7 to 1.47.8 (#​3042)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.8 to 1.48.0 (#​3043)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 (#​3042)
• provider: bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#​3047)
• provider: bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 in /tools (#​3048)
• provider: bump github.com/cloudflare/cloudflare-go from 0.84.0 to 0.85.0 (#​3034)
• provider: bump github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0 in /tools (#​3029)
• provider: bump golang.org/x/net from 0.19.0 to 0.20.0 (#​3050)

v4.21.0

Compare Source

ENHANCEMENTS:

• resource/cloudflare_access_application: adds the ability to set customization fields on the app launcher application. (#​2777)
• resource/cloudflare_access_organization: remove default value for session_duration. (#​2995)
• resource/cloudflare_access_policy: remove default value for session_duration. (#​2995)
• resource/cloudflare_device_posture_integration: add support for access_client_id and access_client_secret fields (#​3013)
• resource/cloudflare_logpush_job: add support for magic_ids_detections. (#​2983)
• resource/cloudflare_notification_policy: enable selector filter and add traffic_anomalies_alert as a policy alert type (#​2976)
• resource/cloudflare_pages_project: support standard usage model for functions (#​2963)
• resource/cloudflare_tunnel_config: Destroying tunnel configurations now applies an empty configuration rather than deleting the parent cloudflare_tunnel resource (#​2769)

BUG FIXES:

• resource/cloudflare_list_item: fix issue preventing usage of redirect item type (#​2975)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.10 to 1.25.11 (#​2973)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.11 to 1.25.12 (#​2987)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.12 to 1.26.0 (#​2993)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.12 to 1.26.0 (#​2993)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.5 to 1.25.8 (#​2968)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.8 to 1.25.9 (#​2969)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.9 to 1.25.10 (#​2971)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.0 to 1.26.1 (#​2997)
• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.26.1 to 1.26.2 (#​3022)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.44.0 to 1.46.0 (#​2968)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.46.0 to 1.47.0 (#​2969)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.0 to 1.47.1 (#​2971)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.1 to 1.47.2 (#​2973)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.2 to 1.47.3 (#​2987)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.3 to 1.47.4 (#​2993)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.3 to 1.47.4 (#​2993)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.4 to 1.47.5 (#​2997)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.5 to 1.47.6 (#​3016)
• provider: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.6 to 1.47.7 (#​3022)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.1 to 1.23.2 (#​2968)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.2 to 1.23.3 (#​2969)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.3 to 1.23.4 (#​2971)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.4 to 1.23.5 (#​2973)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.5 to 1.24.0 (#​2993)
• provider: bump github.com/aws/aws-sdk-go-v2 from 1.23.5 to 1.24.0 (#​2993)
• provider: bump actions/setup-go from 4 to 5 (#​2989)
• provider: bump actions/stale from 8 to 9 (#​2992)
• provider: bump github.com/cloudflare/cloudflare-go from 0.82.0 to 0.83.0 (#​2988)
• provider: bump github.com/cloudflare/cloudflare-go from 0.83.0 to 0.84.0 (#​3019)
• provider: bump github.com/google/uuid from 1.4.0 to 1.5.0 (#​3002)
• provider: bump github.com/hashicorp/terraform-plugin-mux from 0.12.0 to 0.13.0 (#​3006)
• provider: bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.30.0 to 2.31.0 (#​3007)
• provider: bump github.com/hashicorp/terraform-plugin-testing from 1.5.1 to 1.6.0 (#​2984)
• provider: bump github/codeql-action from 2 to 3 (#​3005)
• provider: bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /tools (#​3015)
• provider: bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#​3017)
• resource/cloudflare_teams_rule: Added support for notification settings at teams rule (#​3021)

v4.20.0

Compare Source

FEATURES:

• New Data Source: cloudflare_origin_ca_certificate (#​2961)

ENHANCEMENTS:

• resource/cloudflare_email_routing_rule: action.value is now optional to support drop rules not requiring it (#​2449)
• resource/cloudflare_email_routing_rule: add action type drop (#​2449)
• resource/cloudflare_notification_policy: add support for brand_protection_alert alert type (#​2937)
• resource/cloudflare_notification_policy: add support for brand_protection_digest alert type (#​2937)
• resource/cloudflare_notification_policy: add support for logo_match_alert alert type (#​2937)
• resource/cloudflare_notification_policy: add support for magic_tunnel_health_check_event alert type (#​2937)
• resource/cloudflare_notification_policy: add support for maintenance_event_notification alert type (#​2937)
• resource/cloudflare_notification_policy: add support for mtls_certificate_store_certificate_expiration_type alert type (#​2937)
• resource/cloudflare_notification_policy: add support for radar_notification alert type (#​2937)
• resource/cloudflare_ruleset: make rate limiting requests_to_origin optional with a default value of false to match the API behaviour (#​2954)

BUG FIXES:

• resource/cloudflare_list_item: fix list_item for asn and hostname types (#​2951)
• resource/cloudflare_notification_policy: Fix missing new_status filter required by tunnel_health_event policies (#​2390)

DEPENDENCIES:

• provider: bump github.com/aws/aws-sdk-go-v2/config from 1.25.1 to

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.