chore(deps): update terraform cloudflare to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudflare (source)	required_provider	major	4.34.0 -> 5.13.0

---

Release Notes

cloudflare/terraform-provider-cloudflare (cloudflare)

v5.13.0

Compare Source

Full Changelog: v5.12.0...v5.13.0

⚠ BREAKING CHANGES: cloudflare_api_token & cloudflare_account_token Schema Update

The 5.13 release includes major updates to the cloudflare_api_token resource to eliminate configuration drift caused by policy ordering differences in the Cloudflare API.

Fixes: #​6092

Whats changed

• policies are now a Set; order is ignored to prevent drift.
• When defining a policy, resources must use jsonencode(); all policy resource values must now be JSON-encoded strings.
• Removed fields: id, name, and meta have been removed from policy blocks.

Required Action (v5.13+)
Customers looking to upgrade to v5.13+ must update all cloudflare_api_token & cloudflare_account_token resources to wrap policy resource values in jsonencode()

Before:

resources = {
  "com.cloudflare.api.account.${var.cf_account_id}" = "*"
}

After:

resources = jsonencode({
  "com.cloudflare.api.account.${var.cf_account_id}" = "*"
})

• account_token: token policy order and nested resources (#​6440)

Features

• add new resources and data sources (7ce3dec)
• api_token+account_tokens: state upgrader and schema bump (#​6472) (42f7db2)
• chore(build): point Terraform to released Go v6.3.0 (6d06b46)
• docs: make docs explicit when a resource does not have import support (02699f6)
• magic_transit_connector: support self-serve license key (#​6398) (a6ec134)
• worker_version: add content_base64 support (6ff643f)
• worker_version: boolean support for run_worker_first (#​6407) (116a67b)
• workers_script_subdomains: add import support (#​6375) (40f7ed8)
• zero_trust_access_application: add proxy_endpoint for ZT Access Application (#​6453) (177f20a)
• zero_trust_dlp_predefined_profile: Switch DLP Predefined Profile endpoints, introduce enabled_entries attribute (bc69569)
• zero_trust_tunnel_cloudflared: v4 to v5 migration tests (#​6461) (ffa0fef)

Bug Fixes

• account_token: token policy order and nested resources (#​6440) (86c5972)
• allow r2_bucket_event_notification to be applied twice without failing (#​6419) (6fbd4c5)
• cloudflare_worker+cloudflare_worker_version: import for the resources (#​6357) (b98e0be)
• dns_record: inconsistent apply error (#​6452) (f289994)
• pages_domain: resource tests (#​6338) (d769e29)
• pages_project: unintended resource state drift (#​6377) (1a3955a)
• queue_consumer: id population (#​6181) (f3c6498)
• workers_kv: multipart request (#​6367) (65f8c19)
• workers_kv: updating workers metadata attribute to be read from endpoint (#​6386) (3a35757)
• workers_script_subdomain: add note to cloudflare_workers_script_subdomain about redundancy with cloudflare_worker (#​6383) (9cc9b59)
• workers_script: allow config.run_worker_first to accept list input (fab567c)
• zero_trust_device_custom_profile_local_domain_fallback: drift issues (#​6365) (65c0c18)
• zero_trust_device_custom_profile: resolve drift issues (#​6364) (4cd2cbd)
• zero_trust_dex_test: correct configurability for 'targeted' attribute to fix drift (cd81178)
• zero_trust_tunnel_cloudflared_config: remove warp_routing from cloudflared_config (#​6471) (dc9d557)

Chores

• account_member: add migration test (#​6425) (967a972)
• byoip: integrate generated changes for BYOIP resources (432160e)
• certificate_pack: docs show safe rotation instructions (#​6388) (3d37264)
• ci: clean up leftover files in resources (#​6474) (e8aee72)
• ci: drop migration tests from CI (#​6476) (968565f)
• ci: fix tests ran on release PR (#​6478) (0b43c46)
• ci: fixes for parity tests and build failures (#​6475) (3561876)
• ci: modify sweepers (#​6479) (4c8915d)
• ci: skip flaky test in CI (fb14d86)
• cloudflare_zero_trust_dlp_custom_profile: migration test and ignore order as set (#​6428) (1659ff3)
• d1: integrate generated changes for D1 resources (cfa3472)
• dns_record: improve dns sweepers (#​6430) (5e62468)
• docs: document configurations and examples (#​6449) (59430e0)
• docs: generate docs and examples (cdd77ec)
• email_routing: improved email routing sweepers (#​6429) (133c81e)
• iam: integrate generated changes for IAM resources (a87806e)
• include new sections for pr template (#​6395) (81c07e1)
• load_balancing: integrate generated changes for Load Balancing resources (4c6b34d)
• logpull_retention: add migration test for (#​6426) (529f313)
• logpull_retention: update acceptance test (#​6277) (3766b3f)
• logpush_job: add import tests for resource (#​6402) (cded8ec)
• logpush: integrate generated changes for Logpush resources (06e8446)
• notification_policy_webhook: add migration test for notification-policy-webhook (#​6443) (742d647)
• pages: integrate generated changes for Pages resources (64855ea)
• queue_consumer: testdata refactor (d301974)
• r2_bucket: v4 to v5 migration tests for cloudflare_r2_bucket (#​6437) (99ed1ee)
• sso_connector: add acceptance tests (#​6427) (8b54303)
• stainless: integrate changes from unpinned codegen version (9cb3b8e)
• test: acceptance tests for token validation resources (#​6417) (4d94bdd)
• test: add schema and token validation acceptance tests to CI (#​6421) (b805abc)
• test: increase legacy migrator test coverage (#​6401) (9a8c48a)
• universal_ssl_setting: add acceptance tests for universal_ssl_setting (2601c45)
• worker: integrate generated changes for Worker resources (1da2bf2)
• workers_kv_namespace: v4 to v5 migration tests for workers_kv_namespace (#​6424) (433010f)
• workers_kv: v4 to v5 migration tests for workers_kv (#​6435) (58ca912)
• workers_script: add workers scripts sweeper (#​6351) (f439a08)
• workers_script: fix resource name in TestAccCloudflareWorkerScript_ModuleWithDurableObject (614d8d3)
• workers_script: fix resource names in tests (788e73a)
• workers: integrate generated changes for Workers resources (ab0a330)
• zero_trust_access_service_token: add migration test for zero_trust_access_service_token (#​6416) (c77d5d5)
• zero_trust_gateway_policy: v4 to v5 migration for zero_trust_gateway_policy (#​6413) (1c1952b)
• zero_trust_list: v4 to v5 migration tests for zero trust list records (#​6400) (6ed55d6)
• zero_trust_tunnel_cloudflared_route: v4 to v5 migration tests for zero_trust_tunnel_cloudflared_route (#​6409) (5dc2094)
• zero_trust, cfone: integrate generated changes for ZT and CFONE resources (b7131b2)
• zone_dnssec: v4 to v5 migration tests for zone_dnssec (#​6432) (86abd1f)
• zone_settings: acceptance test to repro issue #​6363 (#​6445) (707c154)
• zones: data source tests (#​6414) (4d58e56)
• zt_access: add sweepers for policy and service token (#​6465) (9f4fa94)

v5.12.0

Compare Source

Full Changelog: v5.11.0...v5.12.0

Features

• chore: pin cloudflare-go for provider release (61a33f9)
• chore: use cloudflare-go@​next for the 'next' branch (8d8ff6d)
• chore(abuse): rename path parameter (cbda07b)
• ci: remove zero_trust_connectivity_directory_service (23bd535)
• ci: trigger prod build (fffdf5a)
• feat: add connectivity directory service APIs to openapi.stainless.yml (1a6b304)
• feat: SDKs for Organizations and OrganizationsProfile (1f6eae3)
• feat(api): add mcp portals endpoints (1e317de)
• feat(radar): add new group by dimension endpoints; deprecate to_markdown endpoint (bcb58cb)
• fix(content_scanning): content scanning terraform resource (03b7004)
• fix(workers_domain): treat PUT /workers/domains as a create operation (8ff0c7d)
• modernize zero_trust_tunnel_cloudflared_config tests and fix warp_routing (#​6294) (36d38a6)
• modernize zero_trust_tunnel_cloudflared_virtual_network tests and improve (#​6293) (1b0f6d6)
• zero_trust_access_application: Add support for MCP & MCP_PORTAL (#​6326) (9524b60)

Bug Fixes

• account_member: update policies test by selecting correct resource group (#​6352) (693dc9d)
• cloudflare_r2_bucket_sippy: attribute name in example (#​6336) (208bf81)
• cloudflare_worker_version: replace when module content_sha256 value changes (#​6335) (e31395d)
• cloudflare_workers_script: Update docs note for resource (#​6304) (f7b4cef)
• cloudflare_workflow: download dependencies for workflow resource acceptance tests (#​6302) (84bade9)
• correctly detect more ID attributes for data sources (d5f4e7d)
• custom_pages: fix broken tests (#​6372) (95f344e)
• custom_pages: update type enumerations (#​6369) (8bd0d09)
• enable skipped gateway policy tests and simplify quarantine test (#​6296) (b220f2b)
• ensure model/schema parity across several resources (#​6379) (418aedd)
• fix zero_trust_dex_test tests (#​6301) (0345a4d)
• internal: correctly generate schema according to annotations (529f0ff)
• migrate: add target flag to specify resources (#​6324) (1b94fcd)
• notification_policy: address drift due to unordered lists, converted to sets (#​6316) (7eabe67)
• read by id data sources should have required IDs (1ca9485)
• restore missing testdata (#​6378) (5cb8dc6)
• workers_version: inconsistent binding order causing inconsistent result after apply (#​6342) (1de79a4)
• zero_trust_access_service_token: client secret versioning (#​6328) (d6b7107)
• zero_trust_dex_test: ensure model/schema parity (#​6370) (066ae4f)
• zero_trust_dex_test: fix duplicate key, imports (#​6366) (15c05d0)
• zero_trust_dlp_custom_profile: fix read, refresh, import (#​6391) (3154453)
• zero_trust_tunnel_cloudflared_virtual_network: fix sweeper panics (#​6392) (c190bc7)

Chores

• api_shield: Acceptance tests increase coverage (#​6325) (3e957c7)
• api: update composite API spec (6d91d6b)
• api: update composite API spec (a1e1df9)
• api: update composite API spec (1b9a680)
• api: update composite API spec (c53a1f5)
• api: update composite API spec (ae642c6)
• api: update composite API spec (86ea5b7)
• api: update composite API spec (5bf96b0)
• api: update composite API spec (07f3913)
• api: update composite API spec (f7c9b47)
• api: update composite API spec (1519d61)
• api: update composite API spec (a78ff01)
• api: update composite API spec (fa156c0)
• api: update composite API spec (6f4ab90)
• api: update composite API spec (9455823)
• api: update composite API spec (e482a4f)
• api: update composite API spec (98e3585)
• api: update composite API spec (d552b8c)
• api: update composite API spec (46b4930)
• api: update composite API spec (34eddaf)
• api: update composite API spec (50139f0)
• api: update composite API spec (b151882)
• api: update composite API spec (5892196)
• api: update composite API spec (2ef377f)
• api: update composite API spec (0f029be)
• api: update composite API spec (5483722)
• api: update composite API spec (19ec88c)
• api: update composite API spec (3a0fbe7)
• api: update composite API spec (0ef1be1)
• api: update composite API spec (605134b)
• api: update composite API spec (d134c57)
• api: update composite API spec (0f0b7ff)
• api: update composite API spec (aebfa72)
• api: update composite API spec (a37714a)
• api: update composite API spec (e600699)
• api: update composite API spec (938d787)
• api: update composite API spec (8ef0127)
• api: update composite API spec (8ab046d)
• api: update composite API spec (37a7311)
• api: update composite API spec (038e76d)
• api: update composite API spec (80fc0cd)
• api: update composite API spec (ddb3468)
• api: update composite API spec (88b0b8e)
• api: update composite API spec (cd64df6)
• api: update composite API spec (41b75fb)
• api: update composite API spec (3a7c0a5)
• api: update composite API spec (9c45892)
• api: update composite API spec (4e791c5)
• api: update composite API spec (39816af)
• api: update composite API spec (d156eef)
• api: update composite API spec (b2bd81b)
• api: update composite API spec (1111340)
• api: update composite API spec (938003c)
• api: update composite API spec (0b7e283)
• api: update composite API spec (2e958fb)
• api: update composite API spec (138735c)
• api: update composite API spec (002fd57)
• api: update composite API spec (302fa30)
• api: update composite API spec (0294b5e)
• api: update composite API spec (ddb7a1c)
• api: update composite API spec (4cba4b4)
• api: update composite API spec (c88075f)
• api: update composite API spec (23b810f)
• api: update composite API spec (8590d26)
• api: update composite API spec (2fa0344)
• api: update composite API spec (e01d191)
• api: update composite API spec (0b9c36d)
• api: update composite API spec (644ff5f)
• api: update composite API spec (fd946b1)
• api: update composite API spec (5b54f0d)
• api: update composite API spec (0421b6a)
• api: update composite API spec (d0f7eb4)
• api: update composite API spec (e8a2650)
• api: update composite API spec (d0784b3)
• api: update composite API spec (3490350)
• api: update composite API spec (c009139)
• api: update composite API spec (385cc44)
• api: update composite API spec (7dc37da)
• api: update composite API spec (3fc4cf6)
• api: update composite API spec (d812ed9)
• api: update composite API spec (35aca13)
• api: update composite API spec (f610c3e)
• api: update composite API spec (b435318)
• fix errors in cloudflare_pages_project acceptance tests (#​6318) (cb63e28)
• internal: codegen related update (010cc1e)
• internal: codegen related update (fde5364)
• internal: codegen related update (b451331)
• internal: codegen related update (cf23a89)
• internal: codegen related update (f577253)
• internal: codegen related update (70652b4)
• internal: codegen related update (0504080)
• logpush_jobs: Add tests from basic to full fields, and changes on omitempty field (#​6337) (696abcd)
• organization_profile: add org id env variable for acceptance tests (#​6382) (37468a7)
• organizations and organization_profiles: Acceptance Tests and wait after create (#​6329) (ecfd9bf)
• organizations: wire up acceptance test in CI (#​6349) (c1cbe9e)
• pages_project: only sweep pages projects resources created during testing (#​6298) (1a2daa3)
• pages_project: update CLOUDFLARE_PAGES_OWNER and CLOUDFLARE_PAGES_REPO used for acceptance tests (#​6300) (939499e)
• queue: Acceptance tests (#​6339) (d9eb75d)
• r2_bucket_lock, r2_bucket_lifecycle: add acceptance tests (#​6299) (1fdbd28)
• update pr template (#​6359) (a062c51)
• zero_trust_connectivity_directory_service: Add wvpc / connectivity directory servic acceptance tests (#​6334) (63e78d5)
• zero_trust_dlp_custom_profile: shared_entries acceptance tests (#​6317) (83cf87b)
• zero_trust_network_hostname_route: Add acceptance tests for Hostname Routes (#​6282) (0ec769b)
• zerot trust dl resources: Add acceptance tests for DLP resources (rebased version of !5751) (#​6233) (cbd0568)

Documentation

• generate provider documentation (#​6394) (44843f0)
• generate terraform documentation (#​6384) (6bffa7c)

v5.11.0

Compare Source

Full Changelog: v5.10.1...v5.11.0

Features

• add assets.directory attribute for handling assets uploads in cloudflare_workers_script and cloudflare_worker_version resources (#​6160) (50168e5)
• add comprehensive test coverage for cloudflare_zero_trust_list types and (#​6258) (6d2746c)
• add missing services to CI test runner (#​6271) (1477df8)
• added capability for dynamicvalidator to do arbitrary semantic equivalence check (e1faeb8)
• Add custom origin trust store support (175f4f5)
• Add Terraform resource for Workflows (7533c05)
• Add leaked credential check resources (c6be1c6)
• Update worker and access application schemas (ed096e0)
• Adding new self-service SSO APIs (007bdbc)
• Changing SSO update from put to patch (f67fbd5)
• Rename duplicate parameter in the to_markdown subresource (07ccc50)
• Add to_markdown subresource to AI resource (1a71265)

Bug Fixes

• bugfix for setting JSON keys with special characters (9a106e3)
• build: fix broken builds on 'next' (#​6280) (2224d8a)
• build: revert cache resources to released state (#​6289) (e62250c)
• case-insensitive location handling for R2 bucket resources (#​6026) (78c33ff)
• cloudflare_workers_custom_domain failing to update (#​6082) (46203a3)
• fix acceptance tests in CI (#​6286) (c0a9e89)
• Fix zero trust access application acceptance tests (#​6243) (4a2cbdb)
• list_item: source url validation (#​6226) (70abffa)
• migrate: concatenate static and dynamic rules blocks (#​6215) (be571d8)
• migrate: page rules status defaults (#​6212) (42a83d1)
• migrate: zt access app default type (#​6218) (cea98f8)
• r2_bucket: case-insensitive location comparison and preserve state case in R2 bucket resource (#​6211) (5babbb1)
• resolve compilation and schem

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.