@renovate renovate bot commented Nov 21, 2025

This PR contains the following updates:

Package | Type | Change
cloudflare (source) | required_provider | 5.12.0 -> 5.13.0

Release Notes

cloudflare/terraform-provider-cloudflare (cloudflare)

v5.13.0

Full Changelog: v5.12.0...v5.13.0

⚠ BREAKING CHANGES: cloudflare_api_token & cloudflare_account_token Schema Update

The 5.13 release includes major updates to the cloudflare_api_token resource to eliminate configuration drift caused by policy ordering differences in the Cloudflare API.

Fixes: #​6092

What's changed

  • policies are now a Set; order is ignored to prevent drift.
  • When defining a policy, resources must use jsonencode(); all policy resource values must now be JSON-encoded strings.
  • Removed fields: id, name, and meta have been removed from policy blocks.

Required Action (v5.13+)
Customers looking to upgrade to v5.13+ must update all cloudflare_api_token & cloudflare_account_token resources to wrap policy resource values in jsonencode().

Before:

resources = {
  "com.cloudflare.api.account.${var.cf_account_id}" = "*"
}

After:

resources = jsonencode({
  "com.cloudflare.api.account.${var.cf_account_id}" = "*"
})

  • account_token: token policy order and nested resources (#6440)

Features

  • add new resources and data sources (7ce3dec)
  • api_token+account_tokens: state upgrader and schema bump (#​6472) (42f7db2)
  • chore(build): point Terraform to released Go v6.3.0 (6d06b46)
  • docs: make docs explicit when a resource does not have import support (02699f6)
  • magic_transit_connector: support self-serve license key (#​6398) (a6ec134)
  • worker_version: add content_base64 support (6ff643f)
  • worker_version: boolean support for run_worker_first (#​6407) (116a67b)
  • workers_script_subdomains: add import support (#​6375) (40f7ed8)
  • zero_trust_access_application: add proxy_endpoint for ZT Access Application (#​6453) (177f20a)
  • zero_trust_dlp_predefined_profile: Switch DLP Predefined Profile endpoints, introduce enabled_entries attribute (bc69569)
  • zero_trust_tunnel_cloudflared: v4 to v5 migration tests (#​6461) (ffa0fef)

Bug Fixes

  • account_token: token policy order and nested resources (#​6440) (86c5972)
  • allow r2_bucket_event_notification to be applied twice without failing (#​6419) (6fbd4c5)
  • cloudflare_worker+cloudflare_worker_version: import for the resources (#​6357) (b98e0be)
  • dns_record: inconsistent apply error (#​6452) (f289994)
  • pages_domain: resource tests (#​6338) (d769e29)
  • pages_project: unintended resource state drift (#​6377) (1a3955a)
  • queue_consumer: id population (#​6181) (f3c6498)
  • workers_kv: multipart request (#​6367) (65f8c19)
  • workers_kv: updating workers metadata attribute to be read from endpoint (#​6386) (3a35757)
  • workers_script_subdomain: add note to cloudflare_workers_script_subdomain about redundancy with cloudflare_worker (#​6383) (9cc9b59)
  • workers_script: allow config.run_worker_first to accept list input (fab567c)
  • zero_trust_device_custom_profile_local_domain_fallback: drift issues (#​6365) (65c0c18)
  • zero_trust_device_custom_profile: resolve drift issues (#​6364) (4cd2cbd)
  • zero_trust_dex_test: correct configurability for 'targeted' attribute to fix drift (cd81178)
  • zero_trust_tunnel_cloudflared_config: remove warp_routing from cloudflared_config (#​6471) (dc9d557)

Chores

  • account_member: add migration test (#​6425) (967a972)
  • byoip: integrate generated changes for BYOIP resources (432160e)
  • certificate_pack: docs show safe rotation instructions (#​6388) (3d37264)
  • ci: clean up leftover files in resources (#​6474) (e8aee72)
  • ci: drop migration tests from CI (#​6476) (968565f)
  • ci: fix tests ran on release PR (#​6478) (0b43c46)
  • ci: fixes for parity tests and build failures (#​6475) (3561876)
  • ci: modify sweepers (#​6479) (4c8915d)
  • ci: skip flaky test in CI (fb14d86)
  • cloudflare_zero_trust_dlp_custom_profile: migration test and ignore order as set (#​6428) (1659ff3)
  • d1: integrate generated changes for D1 resources (cfa3472)
  • dns_record: improve dns sweepers (#​6430) (5e62468)
  • docs: document configurations and examples (#​6449) (59430e0)
  • docs: generate docs and examples (cdd77ec)
  • email_routing: improved email routing sweepers (#​6429) (133c81e)
  • iam: integrate generated changes for IAM resources (a87806e)
  • include new sections for pr template (#​6395) (81c07e1)
  • load_balancing: integrate generated changes for Load Balancing resources (4c6b34d)
  • logpull_retention: add migration test for (#​6426) (529f313)
  • logpull_retention: update acceptance test (#​6277) (3766b3f)
  • logpush_job: add import tests for resource (#​6402) (cded8ec)
  • logpush: integrate generated changes for Logpush resources (06e8446)
  • notification_policy_webhook: add migration test for notification-policy-webhook (#​6443) (742d647)
  • pages: integrate generated changes for Pages resources (64855ea)
  • queue_consumer: testdata refactor (d301974)
  • r2_bucket: v4 to v5 migration tests for cloudflare_r2_bucket (#​6437) (99ed1ee)
  • sso_connector: add acceptance tests (#​6427) (8b54303)
  • stainless: integrate changes from unpinned codegen version (9cb3b8e)
  • test: acceptance tests for token validation resources (#​6417) (4d94bdd)
  • test: add schema and token validation acceptance tests to CI (#​6421) (b805abc)
  • test: increase legacy migrator test coverage (#​6401) (9a8c48a)
  • universal_ssl_setting: add acceptance tests for universal_ssl_setting (2601c45)
  • worker: integrate generated changes for Worker resources (1da2bf2)
  • workers_kv_namespace: v4 to v5 migration tests for workers_kv_namespace (#​6424) (433010f)
  • workers_kv: v4 to v5 migration tests for workers_kv (#​6435) (58ca912)
  • workers_script: add workers scripts sweeper (#​6351) (f439a08)
  • workers_script: fix resource name in TestAccCloudflareWorkerScript_ModuleWithDurableObject (614d8d3)
  • workers_script: fix resource names in tests (788e73a)
  • workers: integrate generated changes for Workers resources (ab0a330)
  • zero_trust_access_service_token: add migration test for zero_trust_access_service_token (#​6416) (c77d5d5)
  • zero_trust_gateway_policy: v4 to v5 migration for zero_trust_gateway_policy (#​6413) (1c1952b)
  • zero_trust_list: v4 to v5 migration tests for zero trust list records (#​6400) (6ed55d6)
  • zero_trust_tunnel_cloudflared_route: v4 to v5 migration tests for zero_trust_tunnel_cloudflared_route (#​6409) (5dc2094)
  • zero_trust, cfone: integrate generated changes for ZT and CFONE resources (b7131b2)
  • zone_dnssec: v4 to v5 migration tests for zone_dnssec (#​6432) (86abd1f)
  • zone_settings: acceptance test to repro issue #​6363 (#​6445) (707c154)
  • zones: data source tests (#​6414) (4d58e56)
  • zt_access: add sweepers for policy and service token (#​6465) (9f4fa94)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
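
A pre-upgrade check for the breaking change in the release notes above, as an added example that is not part of the Renovate comment or of the provider project: it scans Terraform source for cloudflare_api_token and cloudflare_account_token blocks whose policy `resources` is still a bare object rather than a jsonencode() call. It is a text heuristic, not an HCL parser; the function names and the sample configuration are constructed for illustration.

```python
import re

# Resource types named in the v5.13.0 breaking-change note.
TOKEN_TYPES = "cloudflare_api_token|cloudflare_account_token"
RESOURCE_HEAD = re.compile(r'resource\s+"(%s)"\s+"([^"]+)"\s*\{' % TOKEN_TYPES)
# Pre-5.13 form: a bare object assigned to `resources` (no jsonencode wrapper).
BARE_RESOURCES = re.compile(r"\bresources[ \t]*=[ \t]*\{")

def block_end(text, open_idx):
    """Index just past the brace closing the one at open_idx; braces in "..." are ignored."""
    depth, in_str = 0, False
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == '"' and text[i - 1] != "\\":
            in_str = not in_str
        elif not in_str and ch in "{}":
            depth += 1 if ch == "{" else -1
            if depth == 0:
                return i + 1
    return len(text)

def find_unencoded(text):
    """Return (type, name, line) for each token `resources` still a bare object."""
    findings = []
    for head in RESOURCE_HEAD.finditer(text):
        start = head.end() - 1  # the resource block's opening brace
        for hit in BARE_RESOURCES.finditer(text, start, block_end(text, start)):
            line = text.count("\n", 0, hit.start()) + 1
            findings.append((head.group(1), head.group(2), line))
    return findings

# Constructed sample: one token in the old form, one already migrated.
SAMPLE_TF = '''
resource "cloudflare_api_token" "dns_edit" {
  policies = [{
    effect = "allow"
    resources = {
      "com.cloudflare.api.account.${var.cf_account_id}" = "*"
    }
  }]
}
resource "cloudflare_account_token" "ci" {
  policies = [{ effect = "allow", resources = jsonencode({ "x" = "*" }) }]
}
'''

if __name__ == "__main__":
    for rtype, name, line in find_unencoded(SAMPLE_TF):
        print(f"line {line}: {rtype}.{name} needs resources = jsonencode(...)")
```

A clean result here only covers the jsonencode() requirement; the removed policy fields (id, name, meta) need a separate review.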

@renovate renovate bot added the dependencies This updates dependency files label Nov 21, 2025
github-actions bot commented Nov 21, 2025

GitLab Pipeline Action

General information

Link to pipeline: https://gitlab.com/code0-tech/infrastructure/mensa/-/pipelines/2172873745

Status: Passed
Duration: 1 minutes

Job summaries

tf-plan:server_administration

No changes. Your infrastructure matches the configuration.

tf-plan:github

No changes. Your infrastructure matches the configuration.

tf-plan:main

No changes. Your infrastructure matches the configuration.

@renovate renovate bot force-pushed the renovate/cloudflare-5.x branch from 2a77d8b to 1c12bf8 Compare November 21, 2025 20:27
@Taucher2003 Taucher2003 merged commit 11356b2 into main Nov 21, 2025
1 check passed
@renovate renovate bot deleted the renovate/cloudflare-5.x branch November 21, 2025 20:51