Merge branch 'master' into tcaslin/lcs

.changelog/2776.txt

@@ -0,0 +1,7 @@
+```release-note:new-resource
+cloudflare_access_tag
+```
+
+```release-note:enhancement
+resource/cloudflare_access_application: adds the ability to associate a tag with an application.
+```

.changelog/2784.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+cloudflare_api_shield_schema
+```

.changelog/2796.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/cloudflare_pages_project: Fix 'preview_branch_includes' always showing it has changes if not provided
+```

.changelog/2807.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+cloudflare_observatory_scheduled_test
+```

.changelog/2819.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps golang.org/x/net from 0.15.0 to 0.16.0
+```

.changelog/2820.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.0 to 1.21.1
+```

.changelog/2821.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.41 to 1.13.42
+```

.changelog/2822.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.0 to 1.40.1
+```

.changelog/2823.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.43 to 1.18.44
+```

.changelog/2826.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_teams_accounts: Add support for setting ssh encryption key in ZT settings
+```

.changelog/2828.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.4.0 to 1.4.1
+```

.changelog/2829.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps golang.org/x/net from 0.16.0 to 0.17.0
+```

.changelog/2830.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/google/go-cmp from 0.5.9 to 0.6.0
+```

.changelog/2831.txt

@@ -0,0 +1,7 @@
+```release-note:internal
+provider: updated user agent string to now be `terraform-provider-cloudflare/<version> <plugin> <operator suffix>`
+```
+
+```release-note:enhancement
+provider: allow defining a user agent operator suffix through the schema field (`user_agent_operator_suffix`) and via the environment variable (`CLOUDFLARE_USER_AGENT_OPERATOR_SUFFIX`)
+```

.changelog/2832.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/cloudflare/cloudflare-go from 0.78.0 to 0.79.0
+```

.changelog/2833.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/cloudflare_bot_management: fix fight mode not being sent to API
+```

.changelog/2836.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/cloudflare_access_policy: Send purpose justification settings properly on updates
+```

.changelog/2837.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps golang.org/x/net from 0.7.0 to 0.17.0
+```

.changelog/2838.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_access_application: Add idp_entity_id, public_key and sso_endpoint attributes to saas_app
+```

.changelog/2843.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/cloudflare_access_application: fix import of cloudflare_access_application not reading saas_app config
+```

.changelog/2846.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.44 to 1.18.45
+```

.changelog/2847.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.1 to 1.21.2
+```

.changelog/2850.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+cloudflare_d1_database
+```

.changelog/2851.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/cloudflare_ruleset: Add note that logging is only supported with the skip action
+```

.changelog/2853.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.19.0
+```

.changelog/2854.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_ruleset: Add support for the use of Additional Cacheable Ports option in the Rulesets API
+```

.changelog/2857.txt

@@ -0,0 +1,6 @@
+```release-note:enhancement
+resource/cloudflare_access_organization: Add session_duration field
+```
+```release-note:enhancement
+resource/cloudflare_access_policy: Add session_duration field
+```

CHANGELOG.md

@@ -1,9 +1,53 @@
-## 4.17.0 (Unreleased)
+## 4.18.0 (Unreleased)
+
+## 4.17.0 (18th October, 2023)
+
+FEATURES:
+
+* **New Resource:** `cloudflare_access_tag` ([#2776](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2776))
+* **New Resource:** `cloudflare_api_shield_schema` ([#2784](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2784))
+* **New Resource:** `cloudflare_d1_database` ([#2850](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2850))
+* **New Resource:** `cloudflare_observatory_scheduled_test` ([#2807](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2807))
 
 ENHANCEMENTS:
 
+* provider: allow defining a user agent operator suffix through the schema field (`user_agent_operator_suffix`) and via the environment variable (`CLOUDFLARE_USER_AGENT_OPERATOR_SUFFIX`) ([#2831](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2831))
+* resource/cloudflare_access_application: Add idp_entity_id, public_key and sso_endpoint attributes to saas_app ([#2838](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2838))
+* resource/cloudflare_access_application: adds the ability to associate a tag with an application. ([#2776](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2776))
+* resource/cloudflare_access_organization: Add session_duration field ([#2857](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2857))
+* resource/cloudflare_access_policy: Add session_duration field ([#2857](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2857))
+* resource/cloudflare_ruleset: Add support for the use of Additional Cacheable Ports option in the Rulesets API ([#2854](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2854))
+* resource/cloudflare_teams_accounts: Add support for setting ssh encryption key in ZT settings ([#2826](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2826))
 * resource/cloudflare_zone_settings_override: Add support for `fonts` ([#2773](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2773))
 
+BUG FIXES:
+
+* resource/cloudflare_access_application: fix import of cloudflare_access_application not reading saas_app config ([#2843](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2843))
+* resource/cloudflare_access_policy: Send purpose justification settings properly on updates ([#2836](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2836))
+* resource/cloudflare_bot_management: fix fight mode not being sent to API ([#2833](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2833))
+* resource/cloudflare_pages_project: Fix 'preview_branch_includes' always showing it has changes if not provided ([#2796](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2796))
+* resource/cloudflare_ruleset: Add note that logging is only supported with the skip action ([#2851](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2851))
+
+INTERNAL:
+
+* provider: updated user agent string to now be `terraform-provider-cloudflare/<version> <plugin> <operator suffix>` ([#2831](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2831))
+
+DEPENDENCIES:
+
+* provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.0 to 1.21.1 ([#2820](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2820))
+* provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.1 to 1.21.2 ([#2847](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2847))
+* provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.43 to 1.18.44 ([#2823](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2823))
+* provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.44 to 1.18.45 ([#2846](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2846))
+* provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.19.0 ([#2853](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2853))
+* provider: bumps github.com/aws/aws-sdk-go-v2/credentials from 1.13.41 to 1.13.42 ([#2821](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2821))
+* provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.0 to 1.40.1 ([#2822](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2822))
+* provider: bumps github.com/cloudflare/cloudflare-go from 0.78.0 to 0.79.0 ([#2832](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2832))
+* provider: bumps github.com/google/go-cmp from 0.5.9 to 0.6.0 ([#2830](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2830))
+* provider: bumps github.com/hashicorp/terraform-plugin-framework from 1.4.0 to 1.4.1 ([#2828](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2828))
+* provider: bumps golang.org/x/net from 0.15.0 to 0.16.0 ([#2819](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2819))
+* provider: bumps golang.org/x/net from 0.16.0 to 0.17.0 ([#2829](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2829))
+* provider: bumps golang.org/x/net from 0.7.0 to 0.17.0 ([#2837](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2837))
+
 ## 4.16.0 (4th October, 2023)
 
 BREAKING CHANGES:

docs/data-sources/rulesets.md

@@ -84,6 +84,7 @@ Read-Only:
 
 Read-Only:
 
+- `additional_cacheable_ports` (Set of Number)
 - `automatic_https_rewrites` (Boolean)
 - `autominify` (List of Object) (see [below for nested schema](#nestedobjatt--rulesets--rules--action_parameters--autominify))
 - `bic` (Boolean)

docs/index.md

@@ -64,3 +64,4 @@ resource "cloudflare_page_rule" "www" {
 - `min_backoff` (Number) Minimum backoff period in seconds after failed API calls. Alternatively, can be configured using the `CLOUDFLARE_MIN_BACKOFF` environment variable.
 - `retries` (Number) Maximum number of retries to perform when an API request fails. Alternatively, can be configured using the `CLOUDFLARE_RETRIES` environment variable.
 - `rps` (Number) RPS limit to apply when making calls to the API. Alternatively, can be configured using the `CLOUDFLARE_RPS` environment variable.
+- `user_agent_operator_suffix` (String) A value to append to the HTTP User Agent for all API calls. This value is not something most users need to modify however, if you are using a non-standard provider or operator configuration, this is recommended to assist in uniquely identifying your traffic. **Setting this value will remove the Terraform version from the HTTP User Agent string and may have unintended consequences**. Alternatively, can be configured using the `CLOUDFLARE_USER_AGENT_OPERATOR_SUFFIX` environment variable.

docs/resources/access_application.md

@@ -75,6 +75,7 @@ resource "cloudflare_access_application" "staging_app" {
 - `service_auth_401_redirect` (Boolean) Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
 - `session_duration` (String) How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
 - `skip_interstitial` (Boolean) Option to skip the authorization interstitial when using the CLI. Defaults to `false`.
+- `tags` (Set of String) The itags associated with the application.
 - `type` (String) The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`, `vnc`, `warp`. Defaults to `self_hosted`.
 - `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.
 
@@ -111,6 +112,12 @@ Optional:
 - `custom_attribute` (Block List) Custom attribute mapped from IDPs. (see [below for nested schema](#nestedblock--saas_app--custom_attribute))
 - `name_id_format` (String) The format of the name identifier sent to the SaaS application. Defaults to `email`.
 
+Read-Only:
+
+- `idp_entity_id` (String) The unique identifier for the SaaS application.
+- `public_key` (String) The public certificate that will be used to verify identities.
+- `sso_endpoint` (String) The endpoint where the SaaS application will send login requests.
+
 <a id="nestedblock--saas_app--custom_attribute"></a>
 ### Nested Schema for `saas_app.custom_attribute`
 

docs/resources/access_organization.md

@@ -44,6 +44,7 @@ resource "cloudflare_access_organization" "example" {
 - `is_ui_read_only` (Boolean) When set to true, this will disable all editing of Access resources via the Zero Trust Dashboard.
 - `login_design` (Block List) (see [below for nested schema](#nestedblock--login_design))
 - `name` (String) The name of your Zero Trust organization.
+- `session_duration` (String) How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
 - `ui_read_only_toggle_reason` (String) A description of the reason why the UI read only field is being toggled.
 - `user_seat_expiration_inactive_time` (String) The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the user is removed as an active seat and no longer counts against your Teams seat count. Must be in the format `300ms` or `2h45m`.
 - `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.

docs/resources/access_policy.md

@@ -79,6 +79,7 @@ resource "cloudflare_access_policy" "test_policy" {
 - `purpose_justification_prompt` (String) The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.
 - `purpose_justification_required` (Boolean) Whether to prompt the user for a justification for accessing the resource.
 - `require` (Block List) A series of access conditions, see [Access Groups](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions). (see [below for nested schema](#nestedblock--require))
+- `session_duration` (String) How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
 - `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.
 
 ### Read-Only

docs/resources/access_tag.md

@@ -0,0 +1,32 @@
+---
+page_title: "cloudflare_access_tag Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a resource to customize the pages your end users will see
+  when trying to reach applications behind Cloudflare Access.
+---
+
+# cloudflare_access_tag (Resource)
+
+Provides a resource to customize the pages your end users will see
+when trying to reach applications behind Cloudflare Access.
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Friendly name of the Access Tag.
+
+### Optional
+
+- `account_id` (String) The account identifier to target for the resource. Conflicts with `zone_id`. **Modifying this attribute will force creation of a new resource.**
+- `app_count` (Number) Number of apps associated with the tag.
+- `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`. **Modifying this attribute will force creation of a new resource.**
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/api_shield_schema.md

@@ -0,0 +1,41 @@
+---
+page_title: "cloudflare_api_shield_schema Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a resource to manage a schema in API Shield Schema Validation 2.0.
+---
+
+# cloudflare_api_shield_schema (Resource)
+
+Provides a resource to manage a schema in API Shield Schema Validation 2.0.
+
+## Example Usage
+
+```terraform
+resource "cloudflare_api_shield_schema" "petstore_schema" {
+  zone_id            = "0da42c8d2132a9ddaf714f9e7c920711"
+  name               = "myschema"
+  kind               = "openapi_v3" # optional
+  validation_enabled = true         # optional, default false
+  source             = file("./schemas/petstore.json")
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the schema. **Modifying this attribute will force creation of a new resource.**
+- `source` (String) Schema file bytes. **Modifying this attribute will force creation of a new resource.**
+- `zone_id` (String) The zone identifier to target for the resource. **Modifying this attribute will force creation of a new resource.**
+
+### Optional
+
+- `kind` (String) Kind of schema. Defaults to `openapi_v3`. **Modifying this attribute will force creation of a new resource.**
+- `validation_enabled` (Boolean) Flag whether schema is enabled for validation.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/d1_database.md

@@ -0,0 +1,45 @@
+---
+page_title: "cloudflare_d1_database Resource - Cloudflare"
+subcategory: ""
+description: |-
+  The D1 Database https://developers.cloudflare.com/d1/ resource allows you to manage Cloudflare D1 databases.
+---
+
+# cloudflare_d1_database (Resource)
+
+The [D1 Database](https://developers.cloudflare.com/d1/) resource allows you to manage Cloudflare D1 databases.
+
+!> When a D1 Database is replaced all the data is lost. Please ensure you have a backup of your data before replacing a D1 Database.
+
+
+## Example Usage
+
+```terraform
+resource "cloudflare_d1_database" "example" {
+  account_id = "f037e56e89293a057740de681ac9abbe"
+  name       = "terraform-database"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `account_id` (String) The account identifier to target for the resource.
+- `name` (String) The name of the D1 Database.
+
+### Read-Only
+
+- `id` (String) The identifier of this resource.
+- `version` (String) The backend version of the database.
+
+## Import
+
+
+Import is supported using the following syntax:
+
+```shell
+$ terraform import cloudflare_d1_database.example <account id>/<database id>
+```
+