Merge branch 'master' into cloudflare_worker_secret

.changelog/2779.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+cloudflare_keyless_certificate
+```

.changelog/2897.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.2 to 1.41.0
+```

.changelog/2898.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.20.0
+```

.changelog/2899.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.2 to 1.22.0
+```

.changelog/2901.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_notification_policy: Add support for `incident_alert` type
+```

.changelog/2902.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.20.0 to 1.21.0
+```

.changelog/2904.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2 from 1.22.0 to 1.22.1
+```

.changelog/2905.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.41.0 to 1.42.0
+```

.changelog/2906.txt

@@ -0,0 +1,3 @@
+```release-note:note
+resource/cloudflare_argo: `tiered_caching` attribute is deprecated in favour of the dedicated `cloudflare_tiered_cache` resource.
+```

.changelog/2908.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.21.0 to 1.22.0
+```

.changelog/2912.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.22.0 to 1.22.1
+```

CHANGELOG.md

@@ -1,4 +1,29 @@
-## 4.18.0 (Unreleased)
+## 4.19.0 (Unreleased)
+
+NOTES:
+
+* resource/cloudflare_argo: `tiered_caching` attribute is deprecated in favour of the dedicated `cloudflare_tiered_cache` resource. ([#2906](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2906))
+
+FEATURES:
+
+* **New Resource:** `cloudflare_keyless_certificate` ([#2779](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2779))
+
+ENHANCEMENTS:
+
+* resource/cloudflare_notification_policy: Add support for `incident_alert` type ([#2901](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2901))
+
+DEPENDENCIES:
+
+* provider: bumps github.com/aws/aws-sdk-go-v2 from 1.21.2 to 1.22.0 ([#2899](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2899))
+* provider: bumps github.com/aws/aws-sdk-go-v2 from 1.22.0 to 1.22.1 ([#2904](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2904))
+* provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.20.0 ([#2898](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2898))
+* provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.20.0 to 1.21.0 ([#2902](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2902))
+* provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.21.0 to 1.22.0 ([#2908](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2908))
+* provider: bumps github.com/aws/aws-sdk-go-v2/config from 1.22.0 to 1.22.1 ([#2912](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2912))
+* provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.2 to 1.41.0 ([#2897](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2897))
+* provider: bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.41.0 to 1.42.0 ([#2905](https://github.com/cloudflare/terraform-provider-cloudflare/issues/2905))
+
+## 4.18.0 (1st November, 2023)
 
 FEATURES:
 

docs/resources/argo.md

@@ -30,7 +30,7 @@ resource "cloudflare_argo" "example" {
 ### Optional
 
 - `smart_routing` (String) Whether smart routing is enabled. Available values: `on`, `off`.
-- `tiered_caching` (String) Whether tiered caching is enabled. Available values: `on`, `off`.
+- `tiered_caching` (String, Deprecated) Whether tiered caching is enabled. Available values: `on`, `off`.
 
 ### Read-Only
 

docs/resources/keyless_certificate.md

@@ -0,0 +1,52 @@
+---
+page_title: "cloudflare_keyless_certificate Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a resource, that manages Keyless certificates.
+---
+
+# cloudflare_keyless_certificate (Resource)
+
+Provides a resource, that manages Keyless certificates.
+
+## Example Usage
+
+```terraform
+resource "cloudflare_keyless_certificate" "example" {
+  zone_id       = "0da42c8d2132a9ddaf714f9e7c920711"
+  bundle_method = "ubiquitous"
+  name          = "example.com Keyless SSL"
+  host          = "example.com"
+  port          = 24008
+  enabled       = true
+  certificate   = "-----INSERT CERTIFICATE-----"
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `certificate` (String) The zone's SSL certificate or SSL certificate and intermediate(s). **Modifying this attribute will force creation of a new resource.**
+- `host` (String) The KeyLess SSL host.
+- `zone_id` (String) The zone identifier to target for the resource.
+
+### Optional
+
+- `bundle_method` (String) A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: `ubiquitous`, `optimal`, `force`. Defaults to `ubiquitous`. **Modifying this attribute will force creation of a new resource.**
+- `enabled` (Boolean) Whether the KeyLess SSL is on.
+- `name` (String) The KeyLess SSL name.
+- `port` (Number) The KeyLess SSL port used to communicate between Cloudflare and the client's KeyLess SSL server. Defaults to `24008`.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `status` (String) Status of the KeyLess SSL.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+$ terraform import cloudflare_keyless_certificate.example <zone_id>/<keyless_certificate_id>
+```

docs/resources/notification_policy.md

@@ -68,7 +68,7 @@ resource "cloudflare_notification_policy" "example" {
 ### Required
 
 - `account_id` (String) The account identifier to target for the resource.
-- `alert_type` (String) The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advanced_http_alert_error`, `access_custom_certificate_expiration_type`, `advanced_ddos_attack_l4_alert`, `advanced_ddos_attack_l7_alert`, `bgp_hijack_notification`, `billing_usage_alert`, `block_notification_block_removed`, `block_notification_new_block`, `block_notification_review_rejected`, `clickhouse_alert_fw_anomaly`, `clickhouse_alert_fw_ent_anomaly`, `custom_ssl_certificate_event_type`, `dedicated_ssl_certificate_event_type`, `dos_attack_l4`, `dos_attack_l7`, `expiring_service_token_alert`, `failing_logpush_job_disabled_alert`, `fbm_auto_advertisement`, `fbm_dosd_attack`, `fbm_volumetric_attack`, `health_check_status_notification`, `hostname_aop_custom_certificate_expiration_type`, `http_alert_edge_error`, `http_alert_origin_error`, `load_balancing_health_alert`, `load_balancing_pool_enablement_alert`, `real_origin_monitoring`, `scriptmonitor_alert_new_code_change_detections`, `scriptmonitor_alert_new_hosts`, `scriptmonitor_alert_new_malicious_hosts`, `scriptmonitor_alert_new_malicious_scripts`, `scriptmonitor_alert_new_malicious_url`, `scriptmonitor_alert_new_max_length_resource_url`, `scriptmonitor_alert_new_resources`, `secondary_dns_all_primaries_failing`, `secondary_dns_primaries_failing`, `secondary_dns_zone_successfully_updated`, `secondary_dns_zone_validation_warning`, `sentinel_alert`, `stream_live_notifications`, `tunnel_health_event`, `tunnel_update_event`, `universal_ssl_event_type`, `web_analytics_metrics_update`, `weekly_account_overview`, `workers_alert`, `zone_aop_custom_certificate_expiration_type`.
+- `alert_type` (String) The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advanced_http_alert_error`, `access_custom_certificate_expiration_type`, `advanced_ddos_attack_l4_alert`, `advanced_ddos_attack_l7_alert`, `bgp_hijack_notification`, `billing_usage_alert`, `block_notification_block_removed`, `block_notification_new_block`, `block_notification_review_rejected`, `clickhouse_alert_fw_anomaly`, `clickhouse_alert_fw_ent_anomaly`, `custom_ssl_certificate_event_type`, `dedicated_ssl_certificate_event_type`, `dos_attack_l4`, `dos_attack_l7`, `expiring_service_token_alert`, `failing_logpush_job_disabled_alert`, `fbm_auto_advertisement`, `fbm_dosd_attack`, `fbm_volumetric_attack`, `health_check_status_notification`, `hostname_aop_custom_certificate_expiration_type`, `http_alert_edge_error`, `http_alert_origin_error`, `incident_alert`, `load_balancing_health_alert`, `load_balancing_pool_enablement_alert`, `pages_event_alert`, `real_origin_monitoring`, `scriptmonitor_alert_new_code_change_detections`, `scriptmonitor_alert_new_hosts`, `scriptmonitor_alert_new_malicious_hosts`, `scriptmonitor_alert_new_malicious_scripts`, `scriptmonitor_alert_new_malicious_url`, `scriptmonitor_alert_new_max_length_resource_url`, `scriptmonitor_alert_new_resources`, `secondary_dns_all_primaries_failing`, `secondary_dns_primaries_failing`, `secondary_dns_zone_successfully_updated`, `secondary_dns_zone_validation_warning`, `sentinel_alert`, `stream_live_notifications`, `tunnel_health_event`, `tunnel_update_event`, `universal_ssl_event_type`, `web_analytics_metrics_update`, `weekly_account_overview`, `workers_alert`, `zone_aop_custom_certificate_expiration_type`.
 - `enabled` (Boolean) The status of the notification policy.
 - `name` (String) The name of the notification policy.
 
@@ -112,6 +112,7 @@ Optional:
 - `event_type` (Set of String) Stream event type to alert on.
 - `group_by` (Set of String) Alert grouping.
 - `health_check_id` (Set of String) Identifier health check. Required when using `filters.0.status`.
+- `incident_impact` (Set of String) The incident impact level that will trigger the dispatch of a notification. Available values: `INCIDENT_IMPACT_NONE`, `INCIDENT_IMPACT_MINOR`, `INCIDENT_IMPACT_MAJOR`, `INCIDENT_IMPACT_CRITICAL`.
 - `input_id` (Set of String) Stream input id to alert on.
 - `limit` (Set of String) A numerical limit. Example: `100`.
 - `megabits_per_second` (Set of String) Megabits per second threshold for dos alert.

examples/resources/cloudflare_keyless_certificate/import.sh

@@ -0,0 +1 @@
+$ terraform import cloudflare_keyless_certificate.example <zone_id>/<keyless_certificate_id>

examples/resources/cloudflare_keyless_certificate/resource.tf

@@ -0,0 +1,9 @@
+resource "cloudflare_keyless_certificate" "example" {
+  zone_id       = "0da42c8d2132a9ddaf714f9e7c920711"
+  bundle_method = "ubiquitous"
+  name          = "example.com Keyless SSL"
+  host          = "example.com"
+  port          = 24008
+  enabled       = true
+  certificate   = "-----INSERT CERTIFICATE-----"
+}

go.mod

@@ -33,10 +33,10 @@ require (
 
 require (
 	github.com/MakeNowJust/heredoc/v2 v2.0.1
-	github.com/aws/aws-sdk-go-v2 v1.21.2
-	github.com/aws/aws-sdk-go-v2/config v1.19.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.40.2
+	github.com/aws/aws-sdk-go-v2 v1.22.1
+	github.com/aws/aws-sdk-go-v2/config v1.22.1
+	github.com/aws/aws-sdk-go-v2/credentials v1.15.1
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.42.0
 	github.com/google/go-cmp v0.6.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-framework v1.4.2
@@ -52,20 +52,20 @@ require golang.org/x/tools v0.8.0 // indirect
 require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.14 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.38 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
-	github.com/aws/smithy-go v1.15.0 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.5.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.17.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.25.0 // indirect
+	github.com/aws/smithy-go v1.16.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect