feat(deps): update terraform cloudflare (5.12.0 → 5.14.0) by the-iron-giant[bot] · Pull Request #317 · iamryanmacdonald/gitops

the-iron-giant · 2025-11-21T11:14:29Z

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
cloudflare (source)	required_provider	minor	`5.12.0` -> `5.14.0`

Release Notes

cloudflare/terraform-provider-cloudflare (cloudflare)

`v5.14.0`

Compare Source

Full Changelog: v5.13.0...v5.14.0

Features

add v4->v5 migration tests for pages_project and adjust schema (#6506) (6de0179)
chore: point Terraform to Go 'next' (af9a5f8)
chore: update go sdk to v6.4.0 for provider release (63cb021)
chore(api_shield_discovery_operation): Deprecate api_shield_discovery_operation (7dc0a63)
feat: BOTS-7562 add bot management feedback endpoints to stainless config (prod) (f5112e1)
feat(r2_data_catalog): Configure SDKs/Terraform to use R2 Data Catalog routes (5beb50b)
feat(radar): Add origins endpoints to public api docs (ee51e5f)
improve and standardize sweepers (#6501) (03fb2d2)

Bug Fixes

account_members: making member policies a set (#6488) (f3ecaa5)
decoder and tests (#6516) (4c3e2db)
decoder, build (#6514) (1935459)
pages_project: non empty refresh plans (#6515) (bc526ff)
pages_project: use correct field name in test sweeper (6dc0e53)
r2 sweeper (#6512) (fec953c)
tests: resolve SDK v6 migration test failures (#6507) (bad9716)
update import signature to accept account_id/subscription_id in order to import account subscription (#6510) (c2db582)
utils: test assertions (4c3e2db)
workers_kv: ignore value import state verify (#6521) (c3e3f89)
workers_script: No longer treating the migrations attribute as WriteOnly (#6489) (dc60e38)
workers_script: resource drift when worker has unmanaged secret (#6504) (505c0fe)
zero_trust_device_posture_rule: preserve input.version and other fields (#6500) (4c4e54b)
zero_trust_device_posture_rule: preserve input.version and other fields (#6503) (d45be9a)
zero_trust_dlp_custom_profile: add sweepers for dlp_custom_profile (cbcb325)
zone_subscription|account_subscription: add partners_ent as valid enum for rate_plan.id (#6505) (2a70fb4)
zone: datasource model schema parity (#6487) (861c68f)

Chores

account_member: dont run acceptance with env variable (4c3e2db)
account_member: fix check for env var (#6517) (07e9aa5)
account_member: skip until user is dsr enabled (#6522) (dd7c2fe)
account_tokens: adding a simple CRUD test (#6484) (6869538)
api: update composite API spec (71fc050)
api: update composite API spec (68d017a)
cloudflare_api_shield_operation: Add acceptance tests (#6491) (37e1fdf)
docs: update documentation (#6523) (a060e61)
internal: codegen related update (923ea1d)
internal: codegen related update (a110cbe)
internal: codegen related update (7b36c06)
internal: codegen related update (c789f91)
internal: codegen related update (a91faa6)
internal: codegen related update (dfa745a)
internal: codegen related update (fb3ef1b)
internal: codegen related update (504e8b6)
internal: codegen related update (550d77c)
logpush_job: add v4 to v5 migration tests (#6483) (2e4b8a0)
tests: cloud connector rules parity tests and add connectivity_directory_service tests (#6513) (5341c82)
update changelog (#6480) (adba156)
update changelog (#6525) (b026b4d)
zero_trust_device_default_profile_local_domain_fallback: add tests (#6464) (365cb71)
zero_trust_device_default|custom_profile: acceptance test coverage (#6511) (8e4ec1a)
zero_trust_device_managed_networks: add tests (#6463) (e9b6783)
zero_trust_device_posture_integration: update tests for to test with Crowdstrike (#6470) (e360d6f)
zone: update migration tests (#6468) (8ff53df)

`v5.13.0`

Compare Source

Full Changelog: v5.12.0...v5.13.0

⚠ BREAKING CHANGES: cloudflare_api_token & cloudflare_account_token Schema Update

The 5.13 release includes major updates to the cloudflare_api_token resource to eliminate configuration drift caused by policy ordering differences in the Cloudflare API.

Fixes: #6092

Whats changed

policies are now a Set; order is ignored to prevent drift.
When defining a policy, resources must use jsonencode(); all policy resource values must now be JSON-encoded strings.
Removed fields: id, name, and meta have been removed from policy blocks.

Required Action (v5.13+)
Customers looking to upgrade to v5.13+ must update all cloudflare_api_token & cloudflare_account_token resources to wrap policy resource values in jsonencode()

Before:

resources = {
  "com.cloudflare.api.account.${var.cf_account_id}" = "*"
}

After:

resources = jsonencode({
  "com.cloudflare.api.account.${var.cf_account_id}" = "*"
})

account_token: token policy order and nested resources (#6440)

Features

add new resources and data sources (7ce3dec)
api_token+account_tokens: state upgrader and schema bump (#6472) (42f7db2)
chore(build): point Terraform to released Go v6.3.0 (6d06b46)
docs: make docs explicit when a resource does not have import support (02699f6)
magic_transit_connector: support self-serve license key (#6398) (a6ec134)
worker_version: add content_base64 support (6ff643f)
worker_version: boolean support for run_worker_first (#6407) (116a67b)
workers_script_subdomains: add import support (#6375) (40f7ed8)
zero_trust_access_application: add proxy_endpoint for ZT Access Application (#6453) (177f20a)
zero_trust_dlp_predefined_profile: Switch DLP Predefined Profile endpoints, introduce enabled_entries attribute (bc69569)
zero_trust_tunnel_cloudflared: v4 to v5 migration tests (#6461) (ffa0fef)

Bug Fixes

account_token: token policy order and nested resources (#6440) (86c5972)
allow r2_bucket_event_notification to be applied twice without failing (#6419) (6fbd4c5)
cloudflare_worker+cloudflare_worker_version: import for the resources (#6357) (b98e0be)
dns_record: inconsistent apply error (#6452) (f289994)
pages_domain: resource tests (#6338) (d769e29)
pages_project: unintended resource state drift (#6377) (1a3955a)
queue_consumer: id population (#6181) (f3c6498)
workers_kv: multipart request (#6367) (65f8c19)
workers_kv: updating workers metadata attribute to be read from endpoint (#6386) (3a35757)
workers_script_subdomain: add note to cloudflare_workers_script_subdomain about redundancy with cloudflare_worker (#6383) (9cc9b59)
workers_script: allow config.run_worker_first to accept list input (fab567c)
zero_trust_device_custom_profile_local_domain_fallback: drift issues (#6365) (65c0c18)
zero_trust_device_custom_profile: resolve drift issues (#6364) (4cd2cbd)
zero_trust_dex_test: correct configurability for 'targeted' attribute to fix drift (cd81178)
zero_trust_tunnel_cloudflared_config: remove warp_routing from cloudflared_config (#6471) (dc9d557)

Chores

account_member: add migration test (#6425) (967a972)
byoip: integrate generated changes for BYOIP resources (432160e)
certificate_pack: docs show safe rotation instructions (#6388) (3d37264)
ci: clean up leftover files in resources (#6474) (e8aee72)
ci: drop migration tests from CI (#6476) (968565f)
ci: fix tests ran on release PR (#6478) (0b43c46)
ci: fixes for parity tests and build failures (#6475) (3561876)
ci: modify sweepers (#6479) (4c8915d)
ci: skip flaky test in CI (fb14d86)
cloudflare_zero_trust_dlp_custom_profile: migration test and ignore order as set (#6428) (1659ff3)
d1: integrate generated changes for D1 resources (cfa3472)
dns_record: improve dns sweepers (#6430) (5e62468)
docs: document configurations and examples (#6449) (59430e0)
docs: generate docs and examples (cdd77ec)
email_routing: improved email routing sweepers (#6429) (133c81e)
iam: integrate generated changes for IAM resources (a87806e)
include new sections for pr template (#6395) (81c07e1)
load_balancing: integrate generated changes for Load Balancing resources (4c6b34d)
logpull_retention: add migration test for (#6426) (529f313)
logpull_retention: update acceptance test (#6277) (3766b3f)
logpush_job: add import tests for resource (#6402) (cded8ec)
logpush: integrate generated changes for Logpush resources (06e8446)
notification_policy_webhook: add migration test for notification-policy-webhook (#6443) (742d647)
pages: integrate generated changes for Pages resources (64855ea)
queue_consumer: testdata refactor (d301974)
r2_bucket: v4 to v5 migration tests for cloudflare_r2_bucket (#6437) (99ed1ee)
sso_connector: add acceptance tests (#6427) (8b54303)
stainless: integrate changes from unpinned codegen version (9cb3b8e)
test: acceptance tests for token validation resources (#6417) (4d94bdd)
test: add schema and token validation acceptance tests to CI (#6421) (b805abc)
test: increase legacy migrator test coverage (#6401) (9a8c48a)
universal_ssl_setting: add acceptance tests for universal_ssl_setting (2601c45)
worker: integrate generated changes for Worker resources (1da2bf2)
workers_kv_namespace: v4 to v5 migration tests for workers_kv_namespace (#6424) (433010f)
workers_kv: v4 to v5 migration tests for workers_kv (#6435) (58ca912)
workers_script: add workers scripts sweeper (#6351) (f439a08)
workers_script: fix resource name in TestAccCloudflareWorkerScript_ModuleWithDurableObject (614d8d3)
workers_script: fix resource names in tests (788e73a)
workers: integrate generated changes for Workers resources (ab0a330)
zero_trust_access_service_token: add migration test for zero_trust_access_service_token (#6416) (c77d5d5)
zero_trust_gateway_policy: v4 to v5 migration for zero_trust_gateway_policy (#6413) (1c1952b)
zero_trust_list: v4 to v5 migration tests for zero trust list records (#6400) (6ed55d6)
zero_trust_tunnel_cloudflared_route: v4 to v5 migration tests for zero_trust_tunnel_cloudflared_route (#6409) (5dc2094)
zero_trust, cfone: integrate generated changes for ZT and CFONE resources (b7131b2)
zone_dnssec: v4 to v5 migration tests for zone_dnssec (#6432) (86abd1f)
zone_settings: acceptance test to repro issue #6363 (#6445) (707c154)
zones: data source tests (#6414) (4d58e56)
zt_access: add sweepers for policy and service token (#6465) (9f4fa94)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

the-iron-giant Bot added renovate/terraform type/minor area/terraform labels Nov 21, 2025

the-iron-giant Bot had a problem deploying to terraform November 21, 2025 11:14 Failure

feat(deps): update terraform cloudflare (5.12.0 → 5.14.0)

2933a5d

the-iron-giant Bot force-pushed the renovate/cloudflare-5.x branch from 2eccd4e to 2933a5d Compare December 6, 2025 03:06

the-iron-giant Bot changed the title ~~feat(deps): update terraform cloudflare (5.12.0 → 5.13.0)~~ feat(deps): update terraform cloudflare (5.12.0 → 5.14.0) Dec 6, 2025

the-iron-giant Bot had a problem deploying to terraform December 6, 2025 03:06 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(deps): update terraform cloudflare (5.12.0 → 5.14.0)#317

feat(deps): update terraform cloudflare (5.12.0 → 5.14.0)#317
the-iron-giant[bot] wants to merge 1 commit into
mainfrom
renovate/cloudflare-5.x

the-iron-giant Bot commented Nov 21, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

the-iron-giant Bot commented Nov 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v5.14.0

Features

Bug Fixes

Chores

v5.13.0

⚠ BREAKING CHANGES: cloudflare_api_token & cloudflare_account_token Schema Update

Features

Bug Fixes

Chores

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

the-iron-giant Bot commented Nov 21, 2025 •

edited

Loading

`v5.14.0`

`v5.13.0`