Update Terraform cloudflare to v5

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
cloudflare (source)	required_provider	major	4.52.5 → 5.18.0

---

Release Notes

cloudflare/terraform-provider-cloudflare (cloudflare)

v5.18.0

Compare Source

Full Changelog: v5.17.0...v5.18.0

Features

• access_rule: support state upgraders for migration (67fd741)
• api_shield_operation: state upgrader (ecd51d4)
• api_token: state upgrader (ac5eb62)
• authenticated_origin_pulls_certificate: v4 to v5 migration (8d9930d)
• bot_management: state upgrader (4d9ee27)
• chore: clean up removed endpoint from config (52f120d)
• chore: update cloudflare-go dependency to next (c92a4cb)
• chore: use Go SDK v6.8.0 for release (b695914)
• feat: GIN-1439: Add gateway PAC files (9de415f)
• feat(client_certificate): enable terraform for client_certificates (58f6a08)
• feat(custom_origin_trust_store): enable custom_origin_trust_store (1c0f313)
• feat(stainless): AUTH-7071 Complete Access Users endpoint (2d4101d)
• fix: add 'rdp' as an initialism (9aa6e67)
• list_item: state upgrader (70b70c5)
• list: state upgrader (41def2f)
• logpull_retention: support state upgrader #​6754 (78409e1)
• logpush_job: support state upgrader (275efd5)
• managed_transforms: state upgrader (8de2938)
• notication_policy: state upgrader (dbcbda8)
• regional_hostname: state upgrader (ed98d9e)
• ruleset: add new actions for http_response_cache_settings phase (beeb49e)
• snippet_rules: use state upgrade (91a7d1a)
• snippet: use state upgrade (dbc8107)
• spectrum_application: state upgrader (0957f09)
• state upgrader (bbd68e0)
• url_normalization_settings: state upgrader (f933791)
• workers_kv_namespace: add state upgrader logic (695a1e1)
• workers_route: implement state upgrader (cef2a35)
• workers_script: implement state upgrader and move state (f7e20f8)
• zero_trust_access_application: state upgrader (5427fd9)
• zero_trust_access_group: add state upgrader logic and tests (5d0c09f)
• zero_trust_access_identity_provider: state upgraders (c8c88f0)
• zero_trust_access_mtls_certificate: state upgraders (15c5b8e)
• zero_trust_access_mtls_hostname_settings: state upgraders (fe7a900)
• zero_trust_device_managed_networks: state upgrader (0ee822f)
• zero_trust_device_posture_rule: state upgrader (e4bdf6b)
• zero_trust_dex_test: state upgrader (4b61d73)
• zero_trust_dlp_custom_profile: state upgrader (ca47a4d)
• zero_trust_dlp_entries: feat no-op state upgraders (808c706)
• zero_trust_dlp_predefined_profile: state upgrader (71278f0)
• zero_trust_gateway_policy: state upgrader (cb4ff67)
• zero_trust_list: implement state upgrader (5134e5c)
• zero_trust_tunnel_cloudflared_config: support state upgrader (a79e6ea)
• zero_trust_tunnel_cloudflared_route: state upgrader (40289a3)
• zone_dnssec: add state upgrader logic (1103393)
• zone_subscription: add state upgraders for zone_subscription (3512262)
• zone: add resource state migrations (049e9a9)

Bug Fixes

• authenticated_origin_pulls_certificate and authenticated_origin_pulls_hostname_certificate model and schema (8287f8a)
• custom_ssl: 'deploy' default removed due to entitlements requirement (267abd5)
• docs: v5 migration for authenticated_origin_pulls (zone and hostname) (917dc79)
• docs: v5 migration for authenticated_origin_pulls certs (zone and hostname) (502766d)
• handling case where directory is null (72f78a7)
• list: published version (4f695aa)
• load_balancer: improve recurring drift in origins attribute (248c746)
• migrations: use local provider for v5 migration tests (de0b294)
• queue: migration model (c9f3274)
• revert snippet_rules data source deletion (f489eb8)
• spectrum_application: ips are computed optional (9281cdb)
• spectrum_application: update 'ips' type and configurability in the model (f8742f3)
• workers_script: include the original migration which existed (10b1b41)
• workers_script: placement in union schema (53ee900)
• workers_script: schema and model after merge conflict? (892c0d0)
• zero_trust_access_group: normalization for include, exclude and require (ec84aaf)
• zero_trust_device_posture_rule: model schema parity and gate (f18d0a8)
• zero_trust_dlp_custom_profile: migration model (dae6782)
• zero_trust_dlp_custom_profile: schema model parity (adda119)
• zero_trust_organization: remove default values from attributes causing drift (d408f2e)

Chores

• api: update composite API spec (ff602e7)
• api: update composite API spec (e767186)
• api: update composite API spec (81aacfa)
• api: update composite API spec (776c452)
• api: update composite API spec (efbdf3f)
• api: update composite API spec (2d79225)
• api: update composite API spec (565a842)
• api: update composite API spec (259a7bd)
• api: update composite API spec (deadfa0)
• api: update composite API spec (1e91bbe)
• api: update composite API spec (d09e587)
• api: update composite API spec (239b2b6)
• api: update composite API spec (cc8abe5)
• api: update composite API spec (424518f)
• api: update composite API spec (d444521)
• api: update composite API spec (404b7b2)
• api: update composite API spec (9a9324f)
• api: update composite API spec (ec1d34e)
• api: update composite API spec (1bf0f08)
• custom_pages: add state upgraders logic (8feda78)
• docs: update documentation (968a766)
• docs: update example and doc (9ea618c)
• internal: codegen related update (d39697f)
• internal: codegen related update (86e94df)
• internal: codegen related update (f212c64)
• internal: codegen related update (bbe88b6)
• internal: codegen related update (938118d)
• internal: codegen related update (d2b1e8d)
• internal: codegen related update (2129377)
• internal: codegen related update (ce10e25)
• internal: codegen related update (4c2f9b0)
• internal: codegen related update (0d936f6)
• internal: codegen related update (5b18851)
• internal: codegen related update (02f6d57)
• internal: codegen related update (bd4f014)
• internal: codegen related update (5142372)
• internal: codegen related update (7b6808b)
• internal: codegen related update (2ca23ba)
• internal: codegen related update (285a90d)
• internal: codegen related update (4b0cdeb)
• internal: codegen related update (c84470e)
• internal: codegen related update (a992736)
• internal: codegen related update (4ae01ef)
• internal: codegen related update (e37a7e7)
• internal: codegen related update (3553499)
• internal: codegen related update (bba5c6f)
• internal: codegen related update (85859b2)
• internal: codegen related update (90ffea1)
• load_balancer_monitor: implement v4->v5 state migration (ae47e9c)
• load_balancer: implement v4->v5 state migration (14fb2e5)
• notification_policy_webhooks: support state upgrader (1f223f6)
• queue_consumer: support state upgraders (c28386e)
• queue_consumer: support state upgraders (67c546d)
• queue: support state upgraders (109c401)
• resources: don't trigger upgrade (92d92bc)
• snippets: clean up unused funcs (c8fdb9a)
• workers_kv: adjust for state upgraders logic (493975f)
• zero_trust_access_group: enable cross resource dependent test (7798310)
• zero_trust_dlp_custom_profile: cleanup (de457ca)
• zero_trust_dlp_predefined_profile: cleanup (10c57a5)
• zone_subscription: update test (8d58520)
• zone: add test cases (f227117)

Documentation

• update docs again for v5.18.0 (6b459d5)
• update docs for v5.18.0 (d98474e)

Refactors

• zero_trust_access_policy: match directory structure (43f639a)

v5.17.0

Compare Source

Full Changelog: v5.16.0...v5.17.0

Features

• account: add RequiresReplace modifier to unit.id field (7cbb327)
• bump schema verion in prep for state upgraders (a721535)
• bump schema verion in prep for state upgraders (a721535)
• chore: bump cloudflare-go dependency for TF (3b4de30)
• chore: skip codegen in authenticated_origin_pulls_certificate (22d11ab)
• chore: skip codegen in authenticated_origin_pulls_hostname_certificate (0fdd92e)
• chore: skip codegen in hostnames authenticated_origin_pulls (82aab9d)
• chore: skip codegen in mtls_certificates (1b14224)
• chore: use 'next' branch of Go SDK in Terraform (809a3f3)
• custom_hostname_fallback_origin: add comprehensive lifecycle test (054611a)
• custom_hostname_fallback_origin: add migration tests and state upgrader logic (855ef8a)
• custom_hostname_fallback_origin: add v4 to v5 migration tests (0542720)
• feat(api): RAG-586: enable terraform for AI Search instances and tokens (fe5239d)
• feat(radar): add BGP RPKI ASPA endpoints and fix SDK casings (e6a03b6)
• fix: authenticated_origin_pulls_settings missing id configuration (abe9087)
• fix(total_tls): use upsert pattern for singleton zone setting (1a79609)
• leaked_credential_check: add import functionality. add tests for import (76e44f0)
• pages_project: use state upgraders (db96be7)
• refactor(terraform): restructure origin_tls_client_auth to peer subresources (6c12fea)
• state upgrader (deee33f)
• state upgrader (d8e4529)
• tiered caching state upgrader (d9d2c74)
• tiered caching state upgrader (d9d2c74)
• tiered_cache: use state upgraders (8cb061c)
• turstile_widget: add v4 to v5 migration tests (a1e27af)
• zero_trust_organization: add migration test (1032e4e)

Bug Fixes

• account: map managed_by.parent_org_id to unid.id in unmarshall and add acctests (a282d8e)
• address PR review comments (62598d7)
• authenticated_origin_pulls_certificate: add certificate normalization to prevent drift (9fa8e39)
• authenticated_origin_pulls_hostname_certificate resource and tests (3380cf9)
• authenticated_origin_pulls: handle array response and implement full lifecycle (e4c82b8)
• byo_ip_prefix: skip LOA tests (892bce0)
• changelog: update changelog to reflect reality (519c85e)
• cloudflare_zero_trust_device_posture_rule: update tests to match API (b2aad0d)
• mtls_certificates resource and test (fc44f27)
• prevent unnecessary diffs on consecutive applies for hyperdrive_config (8755bf9)
• skip tests requiring account creation (f6d48e9)
• upgrade scenario (e3831be)
• workers_script: add support for placement mode/status (1bc17fa)
• workers_script: schema and migration model (a9a0e05)
• zero_trust_access_application: update v4 version on migration tests (45a825e)
• zero_trust_organization: fix plan issues (f6a9369)

Reverts

• pages_project: "fix(pages_project) build_config to computed optional" (b9c13c9)

Chores

• add CODEOWNERS (3abbb08)
• api: update composite API spec (febe2db)
• api: update composite API spec (71cb6a6)
• api: update composite API spec (6c428d6)
• api: update composite API spec (eda1841)
• api: update composite API spec (7cda136)
• api: update composite API spec (935193b)
• api: update composite API spec (7e45f8d)
• api: update composite API spec (e42ae97)
• api: update composite API spec (48153bd)
• fix model/schema parity (b00bd10)
• improve contribution guide (85584b7)
• internal: codegen related update (22b09ad)
• internal: codegen related update (f587465)
• internal: codegen related update (0bca406)
• internal: codegen related update (3ca7e23)
• internal: codegen related update (02605c2)
• internal: codegen related update (366fb6d)
• internal: codegen related update (f55e1be)
• internal: codegen related update (33bc656)
• internal: codegen related update (6eb4afc)
• internal: codegen related update (636b4f8)
• internal: codegen related update (067536c)
• internal: codegen related update (1af8451)
• internal: codegen related update (f36071f)
• internal: codegen related update (246ffcd)
• internal: codegen related update (471df29)
• internal: codegen related update (0211418)
• internal: codegen related update (2bcbbd5)
• internal: codegen related update (09f9d99)
• internal: fix sdk (be5dbc6)
• minimum upgrade test (25504d0)
• tests: no more state file (f439772)
• Update CHANGELOG.md (f4a1b58)

Documentation

• clarify certificate normalization issue in test comments (8bddab1)
• regerate docs (fc702d9)

Refactors

• refactor stateupgraders (c950153)

v5.16.0

Compare Source

Full Changelog: v5.15.0...v5.16.0

Features

• custom_pages: add "waf_challenge" as new supported error page type identifier in both resource and data source schemas
• list: enhance CIDR validator to check for normalized CIDR notation requiring network address for IPv4 and IPv6
• magic_wan_gre_tunnel: add automatic_return_routing attribute for automatic routing control
• magic_wan_gre_tunnel: add BGP configuration support with new BGP model attribute
• magic_wan_gre_tunnel: add bgp_status computed attribute for BGP connection status information
• magic_wan_gre_tunnel: enhance schema with BGP-related attributes and validators
• magic_wan_ipsec_tunnel: add automatic_return_routing attribute for automatic routing control
• magic_wan_ipsec_tunnel: add BGP configuration support with new BGP model attribute
• magic_wan_ipsec_tunnel: add bgp_status computed attribute for BGP connection status information
• magic_wan_ipsec_tunnel: add custom_remote_identities attribute for custom identity configuration
• magic_wan_ipsec_tunnel: enhance schema with BGP and identity-related attributes
• ruleset: add request body buffering support
• ruleset: enhance ruleset data source with additional configuration options
• workers_script: add observability logs attributes to list data source model
• workers_script: enhance list data source schema with additional configuration options

Bug Fixes

• dns_record: remove unnecessary fmt.Sprintf wrapper around LoadTestCase call in test configuration helper function
• load_balancer: fix session_affinity_ttl type expectations to match Float64 in initial creation and Int64 after migration
• workers_kv: handle special characters correctly in URL encoding

Documentation

• account_subscription: update schema description for rate_plan.sets attribute to clarify it returns an array of strings
• api_shield: add resource-level description for API Shield management of auth ID characteristics
• api_shield: enhance auth_id_characteristics.name attribute description to include JWT token configuration format requirements
• api_shield: specify JSONPath expression format for JWT claim locations
• hyperdrive_config: add description attribute to name attribute explaining its purpose in dashboard and API identification
• hyperdrive_config: apply description improvements across resource, data source, and list data source schemas
• hyperdrive_config: improve schema descriptions for cache settings to clarify default values
• hyperdrive_config: update port description to clarify defaults for different database types

v5.15.0

Compare Source

Full Changelog: v5.14.0...v5.15.0

Features

• ai_search: add AI Search endpoints (6f02adb)
• certificate_pack: add terraform config for CRUD support. This ensures proper Terraform resource ID handling for path parameters in API calls. (081f32a)
• leaked_credentials_check: Add GET endpoint for leaked_credentials_check/detections (feafd9c)
• worker_version: support startup_time_ms (286ab55)
• zero_trust_access_group: v4 to v5 migration acceptance tests (9c877c7)
• zero_trust_access_mtls_hostname_settings: use v2 migrator (b14aa6d)
• zero_trust_dlp_custom_entry: support upload_status (7dc0fe3)
• zero_trust_dlp_entry: support upload_status (7dc0fe3)
• zero_trust_dlp_integration_entry: support upload_status (7dc0fe3)
• zero_trust_dlp_predefined_entry: support upload_status (7dc0fe3)
• zero_trust_gateway_policy: support forensic_copy (5741fd0)
• zero_trust_list: support additional types (category, location, device) (5741fd0)

Bug Fixes

• access_rules: Add validation to prevent state drift. Ideally we'd use Semantic Equality but since that isn't an option, this will remove a foot-gun. (4457791)
• cloudflare_pages_project: addressing drift issues (6edffcf) (3db318e)
• cloudflare_worker: can be cleanly imported (4859b52)
• cloudflare_worker: ensure clean imports (5b525bc)
• list_items: Add validation for IP List items to avoid inconsistent state (b6733dc)
• zero_trust_access_application: remove all conditions from sweeper (3197f1a)
• map missing fields during spectrum resource import (#​6495) (ddb4e72)
• update invalid codegen (d365b98) (92f5c9e)

Chores

• certificate_pack: hosts is now a set, not a list (286ab55)
• ci: split acceptance tests into 37 parallel groups for faster (8c6212b)
• healthcheck: add test for expected_body default value (c5afb48) (e99b43f)
• magic_wan_ipsec_tunnel: remove custom_remote_entities (286ab55)
• queue_consumer: Test data fixes for queue consumer acceptance tests (1b92700)
• update go to point to next (25d640a)
• update regional hostnames migration test to use new migrator (d5ac65f)
• update test to use new migrator (d5ac65f) (ec875bb)

Documentation

• Deprecate API Shield Schema Validation resources (366e1b8)
• generate provider docs (c23342e)

Refactors

• healthcheck: consolidate tests and expand update coverage (b747d21) (7fa38b3)

v5.14.0

Compare Source

Full Changelog: v5.13.0...v5.14.0

Features

• add v4->v5 migration tests for pages_project and adjust schema (#​6506) (6de0179)
• chore: point Terraform to Go 'next' (af9a5f8)
• chore: update go sdk to v6.4.0 for provider release (63cb021)
• chore(api_shield_discovery_operation): Deprecate api_shield_discovery_operation (7dc0a63)
• feat: BOTS-7562 add bot management feedback endpoints to stainless config (prod) (f5112e1)
• feat(r2_data_catalog): Configure SDKs/Terraform to use R2 Data Catalog routes (5beb50b)
• feat(radar): Add origins endpoints to public api docs (ee51e5f)
• improve and standardize sweepers (#​6501) (03fb2d2)

Bug Fixes

• account_members: making member policies a set (#​6488) (f3ecaa5)
• decoder and tests (#​6516) (4c3e2db)
• decoder, build (#​6514) (1935459)
• pages_project: non empty refresh plans (#​6515) (bc526ff)
• pages_project: use correct field name in test sweeper (6dc0e53)
• r2 sweeper (#​6512) (fec953c)
• tests: resolve SDK v6 migration test failures (#​6507) (bad9716)
• update import signature to accept account_id/subscription_id in order to import account subscription (#​6510) (c2db582)
• utils: test assertions (4c3e2db)
• workers_kv: ignore value import state verify (#​6521) (c3e3f89)
• workers_script: No longer treating the migrations attribute as WriteOnly (#​6489) (dc60e38)
• workers_script: resource drift when worker has unmanaged secret (#​6504) (505c0fe)
• zero_trust_device_posture_rule: preserve input.version and other fields (#​6500) (4c4e54b)
• zero_trust_device_posture_rule: preserve input.version and other fields (#​6503) (d45be9a)
• zero_trust_dlp_custom_profile: add sweepers for dlp_custom_profile (cbcb325)
• zone_subscription|account_subscription: add partners_ent as valid enum for rate_plan.id (#​6505) (2a70fb4)
• zone: datasource model schema parity (#​6487) (861c68f)

Chores

• account_member: dont run acceptance with env variable (4c3e2db)
• account_member: fix check for env var (#​6517) (07e9aa5)
• account_member: skip until user is dsr enabled (#​6522) (dd7c2fe)
• account_tokens: adding a simple CRUD test (#​6484)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[brianhelba]

The upstream provider has some problems in v5. We need to stay at 4 for now.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 5.x releases. But if you manually upgrade to 5.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.