Try with v5 cloudflare provider (#11)

* Try with v5 cloudflare provider

* Add a test for write token

* Add comment about version support

Author: Cyb3r-Jak3

.github/testing/main.tf

@@ -2,11 +2,11 @@ terraform {
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
-      version = ">= 4.7.0"
+      version = ">= 5, <6"
     }
     random = {
       source  = "hashicorp/random"
-      version = "3.5.1"
+      version = "3.7.1"
     }
   }
 }
@@ -42,14 +42,22 @@ resource "cloudflare_r2_bucket" "test2" {
   name       = random_string.bucket2_name.result
 }
 
-module "r2-api-token" {
+module "r2-api-token-read" {
   source       = "../.."
   account_id   = var.account_id
   buckets      = [cloudflare_r2_bucket.test1.name, cloudflare_r2_bucket.test2.name]
   bucket_write = false
   expires_on = timeadd(timestamp(), "10m")
 }
 
+module "r2-api-token-write" {
+  source       = "../.."
+  account_id   = var.account_id
+  buckets      = [cloudflare_r2_bucket.test2.name]
+  bucket_write = true
+  expires_on = timeadd(timestamp(), "10m")
+}
+
 module "r2-api-token_custom_name" {
   source       = "../.."
   account_id   = var.account_id
@@ -66,12 +74,10 @@ module "r2-api-token_wildcard" {
   expires_on = timeadd(timestamp(), "10m")
 }
 
-
-
 module "r2-api-token_eu" {
   source       = "../.."
   account_id   = var.account_id
   bucket_write = false
   expires_on = timeadd(timestamp(), "10m")
   jurisdiction = "eu"
-}
+}

.terraform-docs.yml

@@ -21,6 +21,13 @@ output:
       write = false
     }
     ```
+
+    ### Cloudflare provider version support
+
+    5.0 and above uses version 5.0 of the Cloudflare provider.  
+    4.1.1 and below uses version 4 of the Cloudflare provider.
+
+    I will continue to support the 4.1.1 version to the best of my ability, but I will not be adding new features to it. I will only add new features to the 5.0 version of the provider.
     <!-- BEGIN_TF_DOCS -->
     {{ .Content }}
     <!-- END_TF_DOCS -->

.terraform.lock.hcl

@@ -12,19 +12,26 @@ module "r2-api-token" {
   write = false
 }
 ```
+
+### Cloudflare provider version support
+
+5.0 and above uses version 5.0 of the Cloudflare provider.  
+4.1.1 and below uses version 4 of the Cloudflare provider.
+
+I will continue to support the 4.1.1 version to the best of my ability, but I will not be adding new features to it. I will only add new features to the 5.0 version of the provider.
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2.0 |
-| <a name="requirement_cloudflare"></a> [cloudflare](#requirement\_cloudflare) | >= 4.13.0, <5 |
+| <a name="requirement_cloudflare"></a> [cloudflare](#requirement\_cloudflare) | >= 5, <6 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_cloudflare"></a> [cloudflare](#provider\_cloudflare) | >= 4.13.0, <5 |
+| <a name="provider_cloudflare"></a> [cloudflare](#provider\_cloudflare) | >= 5, <6 |
 
 ## Modules
 
@@ -35,7 +42,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [cloudflare_api_token.token](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token) | resource |
-| [cloudflare_api_token_permission_groups.this](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/data-sources/api_token_permission_groups) | data source |
+| [cloudflare_api_token_permission_groups_list.this](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/data-sources/api_token_permission_groups_list) | data source |
 
 ## Inputs
 

README.md

@@ -3,31 +3,35 @@ terraform {
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
-      version = ">= 4.13.0, <5"
+      version = ">= 5, <6"
     }
   }
 }
 
-data "cloudflare_api_token_permission_groups" "this" {}
+data "cloudflare_api_token_permission_groups_list" "this" {
+}
 
 locals {
   resources          = length(var.buckets) > 0 ? { for bucket in var.buckets : "com.cloudflare.edge.r2.bucket.${var.account_id}_${var.jurisdiction}_${bucket}" => "*" } : { "com.cloudflare.edge.r2.bucket.*" = "*" }
   token_bucket_names = length(var.buckets) > 0 ? join(",", var.buckets) : "All-Buckets"
+  r2_api_permissions = { for x in data.cloudflare_api_token_permission_groups_list.this.result : x.name => x.id if contains(["Workers R2 Storage Bucket Item Read", "Workers R2 Storage Bucket Item Write"], x.name) }
+  permission_id_list = compact([
+    var.bucket_read ? local.r2_api_permissions["Workers R2 Storage Bucket Item Read"] : null,
+    var.bucket_write ? local.r2_api_permissions["Workers R2 Storage Bucket Item Write"] : null,
+  ])
 }
 
 resource "cloudflare_api_token" "token" {
   name = var.token_name != "" ? var.token_name : "R2-${local.token_bucket_names}-${var.bucket_read ? "Read" : ""}-${var.bucket_write ? "Write" : ""}"
-  policy {
-    permission_groups = compact([
-      var.bucket_read ? data.cloudflare_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Read"] : null,
-      var.bucket_write ? data.cloudflare_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Write"] : null,
-    ])
-    resources = local.resources
-  }
+  policies = [{
+    effect            = "allow"
+    resources         = local.resources
+    permission_groups = [for x in local.permission_id_list : { id = x }]
+  }]
   not_before = var.not_before != "" ? var.not_before : null
   expires_on = var.expires_on != "" ? var.expires_on : null
-  condition {
-    request_ip {
+  condition = {
+    request_ip = {
       in     = var.condition_ip_in
       not_in = var.condition_ip_not_in
     }