Try with v5 cloudflare provider

Cyb3r-Jak3 · Cyb3r-Jak3 · commit 714cb4c398c3 · 2025-03-21T17:26:33.000-04:00
diff --git a/.github/testing/main.tf b/.github/testing/main.tf
@@ -2,11 +2,11 @@ terraform {
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
-      version = ">= 4.7.0"
+      version = ">= 5, <6"
     }
     random = {
       source  = "hashicorp/random"
-      version = "3.5.1"
+      version = "3.7.1"
     }
   }
 }
@@ -66,8 +66,6 @@ module "r2-api-token_wildcard" {
   expires_on = timeadd(timestamp(), "10m")
 }
 
-
-
 module "r2-api-token_eu" {
   source       = "../.."
   account_id   = var.account_id
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/main.tf b/main.tf
@@ -3,12 +3,12 @@ terraform {
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
-      version = ">= 4.13.0, <5"
+      version = ">= 5, <6"
     }
   }
 }
 
-data "cloudflare_api_token_permission_groups" "this" {}
+data "cloudflare_account_api_token_permission_groups" "this" {}
 
 locals {
   resources          = length(var.buckets) > 0 ? { for bucket in var.buckets : "com.cloudflare.edge.r2.bucket.${var.account_id}_${var.jurisdiction}_${bucket}" => "*" } : { "com.cloudflare.edge.r2.bucket.*" = "*" }
@@ -17,17 +17,18 @@ locals {
 
 resource "cloudflare_api_token" "token" {
   name = var.token_name != "" ? var.token_name : "R2-${local.token_bucket_names}-${var.bucket_read ? "Read" : ""}-${var.bucket_write ? "Write" : ""}"
-  policy {
+  polices = [{
+    effect = "allow"
+    resources = local.resources
     permission_groups = compact([
-      var.bucket_read ? data.cloudflare_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Read"] : null,
-      var.bucket_write ? data.cloudflare_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Write"] : null,
+      var.bucket_read ? data.cloudflare_account_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Read"] : null,
+      var.bucket_write ? data.cloudflare_account_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Write"] : null,
     ])
-    resources = local.resources
-  }
+  }]
   not_before = var.not_before != "" ? var.not_before : null
   expires_on = var.expires_on != "" ? var.expires_on : null
-  condition {
-    request_ip {
+  condition = {
+    request_ip = {
       in     = var.condition_ip_in
       not_in = var.condition_ip_not_in
     }

Original file line number	Diff line number	Diff line change
`@@ -2,11 +2,11 @@ terraform {`
`2`	`2`	`required_providers {`
`3`	`3`	`cloudflare = {`
`4`	`4`	`source = "cloudflare/cloudflare"`
`5`		`- version = ">= 4.7.0"`
	`5`	`+ version = ">= 5, <6"`
`6`	`6`	`}`
`7`	`7`	`random = {`
`8`	`8`	`source = "hashicorp/random"`
`9`		`- version = "3.5.1"`
	`9`	`+ version = "3.7.1"`
`10`	`10`	`}`
`11`	`11`	`}`
`12`	`12`	`}`
`@@ -66,8 +66,6 @@ module "r2-api-token_wildcard" {`
`66`	`66`	`expires_on = timeadd(timestamp(), "10m")`
`67`	`67`	`}`
`68`	`68`
`69`		`-`
`70`		`-`
`71`	`69`	`module "r2-api-token_eu" {`
`72`	`70`	`source = "../.."`
`73`	`71`	`account_id = var.account_id`