diff --git a/.github/testing/main.tf b/.github/testing/main.tf
index 0cc5cb5..84087c5 100644
--- a/.github/testing/main.tf
+++ b/.github/testing/main.tf
@@ -2,11 +2,11 @@ terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
- version = ">= 4.7.0"
+ version = ">= 5, <6"
}
random = {
source = "hashicorp/random"
- version = "3.5.1"
+ version = "3.7.1"
}
}
}
@@ -42,7 +42,7 @@ resource "cloudflare_r2_bucket" "test2" {
name = random_string.bucket2_name.result
}
-module "r2-api-token" {
+module "r2-api-token-read" {
source = "../.."
account_id = var.account_id
buckets = [cloudflare_r2_bucket.test1.name, cloudflare_r2_bucket.test2.name]
@@ -50,6 +50,14 @@ module "r2-api-token" {
expires_on = timeadd(timestamp(), "10m")
}
+module "r2-api-token-write" {
+ source = "../.."
+ account_id = var.account_id
+ buckets = [cloudflare_r2_bucket.test2.name]
+ bucket_write = true
+ expires_on = timeadd(timestamp(), "10m")
+}
+
module "r2-api-token_custom_name" {
source = "../.."
account_id = var.account_id
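Review bot: `r2-api-token-write` sets `bucket_write = true` but leaves `bucket_read` unset, so what this case actually covers depends on the module default for `bucket_read`, which is not visible in this diff. If that default is true, the token carries both permission groups and the write-only path through `permission_id_list` is never exercised. Adding `bucket_read = false` to this block would pin the test to a write-only token and keep the module name accurate. The `r2-api-token_custom_name` block that follows continues outside the hunk.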
@@ -66,12 +74,10 @@ module "r2-api-token_wildcard" {
expires_on = timeadd(timestamp(), "10m")
}
-
-
module "r2-api-token_eu" {
source = "../.."
account_id = var.account_id
bucket_write = false
expires_on = timeadd(timestamp(), "10m")
jurisdiction = "eu"
-}
+}
\ No newline at end of file
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
index 7105e3c..a7319f8 100644
--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -21,6 +21,13 @@ output:
write = false
}
```
+
+ ### Cloudflare provider version support
+
+ 5.0 and above uses version 5.0 of the Cloudflare provider.
+ 4.1.1 and below uses version 4 of the Cloudflare provider.
+
+ I will continue to support the 4.1.1 version to the best of my ability, but I will not be adding new features to it. I will only add new features to the 5.0 version of the provider.
{{ .Content }}
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index b39d397..402bf3b 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,24 +2,17 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/cloudflare/cloudflare" {
- version = "4.21.0"
- constraints = ">= 4.13.0"
+ version = "5.2.0"
+ constraints = ">= 5.0.0, < 6.0.0"
hashes = [
- "h1:yE3NwbKWcauqm0WijrJfLftllP3L+DbBT4acn6ssK3U=",
- "zh:35b80c29ba47dd843f4281903389a519e90406efe1fd440f704d3a8ccf5a8338",
- "zh:5af1ff1d13c7e91cd7e5382000b8f25bdd437ae3b73895b5876eb556352baf65",
- "zh:5cc5418817c766af16e2ca9f23ddf3bbdd3c7f5e1a65756ed6f010c75005493e",
- "zh:61655486cf10f65367f2bdc53701edb95a068859d54d30050d5028f5028f762d",
- "zh:6a6d09d78442b4177e768ddeecc2cd9807bea839ce660e6771df96ff33c34f10",
- "zh:6e56c6db96fb87a3a150a28588aa8ed430ef165ca3fde9ad873d40fad1f19021",
- "zh:72ab4b2ebc3e06d045b28fcf9156577c7c685fe8445154888aeda74a767b0666",
- "zh:78aa9402a1dc8a1c545355a63f6f64a7585ac8cb85ea1f4ef2d63919b8ea9864",
- "zh:7c337f94a1ebe35ca5aa8f36d11bea114a8baa09030036c3875c99595e6a3059",
- "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
- "zh:91c8a229a39bb3b79766da6ad77bdd18afa1fadeb811129de64a8c40a15708eb",
- "zh:a8cdad0dbea2528b716138d0e123ced7a676d24a785f7c27c14fe199f0e5d67a",
- "zh:a982d06804e3abd4d50d09df3e6926253b43c86767b5d5fb69396ca479aecaff",
- "zh:e1a2f880282aaa47344fda83c9f75dd3a317d152388adf1155c7aed3e12cb7a7",
- "zh:e64bb1d0199d492535b0825527b01ca42039804cf3903f583976486c40d5328e",
+ "h1:JC86gRl0Hbavb0PTSI7z6K/h/BD5SYg14fyCVRu3Tp8=",
+ "h1:bBevLqDBPm9wGkuGlmpCNuyJVgCkgViL64Yn5ut4wRM=",
+ "zh:1c2785da1d01b2afd0cca625e8fee472a36f681dc206823db9d59e82a4a7db68",
+ "zh:cfe874ddc069cce594f2b660bbac4692bf267012002e1884fd0772ba3ddd77ef",
+ "zh:debe086c0fee03bebebce9bf387ff3859efb54471d10981fe408de81c1af03f1",
+ "zh:e42fa5538a90620a366af7a32a48197fcb4509c6ade5ad4750166435de06fbe3",
+ "zh:e8d6eef684bbd12c6d9678a8ebeb7be982eb44f5916e1c471419dd78d3911848",
+ "zh:ea0698597ccc8a5fef56d0b76678a20701dc4f8b74e4b4c53904e3372cb50de7",
+ "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
]
}
diff --git a/README.md b/README.md
index 341a2da..1b0c5a6 100644
--- a/README.md
+++ b/README.md
@@ -12,19 +12,26 @@ module "r2-api-token" {
write = false
}
```
+
+### Cloudflare provider version support
+
+5.0 and above uses version 5.0 of the Cloudflare provider.
+4.1.1 and below uses version 4 of the Cloudflare provider.
+
+I will continue to support the 4.1.1 version to the best of my ability, but I will not be adding new features to it. I will only add new features to the 5.0 version of the provider.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.2.0 |
-| [cloudflare](#requirement\_cloudflare) | >= 4.13.0, <5 |
+| [cloudflare](#requirement\_cloudflare) | >= 5, <6 |
## Providers
| Name | Version |
|------|---------|
-| [cloudflare](#provider\_cloudflare) | >= 4.13.0, <5 |
+| [cloudflare](#provider\_cloudflare) | >= 5, <6 |
## Modules
@@ -35,7 +42,7 @@ No modules.
| Name | Type |
|------|------|
| [cloudflare_api_token.token](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token) | resource |
-| [cloudflare_api_token_permission_groups.this](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/data-sources/api_token_permission_groups) | data source |
+| [cloudflare_api_token_permission_groups_list.this](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/data-sources/api_token_permission_groups_list) | data source |
## Inputs
diff --git a/main.tf b/main.tf
index 2bc73f9..7e2ef1b 100644
--- a/main.tf
+++ b/main.tf
@@ -3,31 +3,35 @@ terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
- version = ">= 4.13.0, <5"
+ version = ">= 5, <6"
}
}
}
-data "cloudflare_api_token_permission_groups" "this" {}
+data "cloudflare_api_token_permission_groups_list" "this" {
+}
locals {
resources = length(var.buckets) > 0 ? { for bucket in var.buckets : "com.cloudflare.edge.r2.bucket.${var.account_id}_${var.jurisdiction}_${bucket}" => "*" } : { "com.cloudflare.edge.r2.bucket.*" = "*" }
token_bucket_names = length(var.buckets) > 0 ? join(",", var.buckets) : "All-Buckets"
+ r2_api_permissions = { for x in data.cloudflare_api_token_permission_groups_list.this.result : x.name => x.id if contains(["Workers R2 Storage Bucket Item Read", "Workers R2 Storage Bucket Item Write"], x.name) }
+ permission_id_list = compact([
+ var.bucket_read ? local.r2_api_permissions["Workers R2 Storage Bucket Item Read"] : null,
+ var.bucket_write ? local.r2_api_permissions["Workers R2 Storage Bucket Item Write"] : null,
+ ])
}
resource "cloudflare_api_token" "token" {
name = var.token_name != "" ? var.token_name : "R2-${local.token_bucket_names}-${var.bucket_read ? "Read" : ""}-${var.bucket_write ? "Write" : ""}"
- policy {
- permission_groups = compact([
- var.bucket_read ? data.cloudflare_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Read"] : null,
- var.bucket_write ? data.cloudflare_api_token_permission_groups.this.r2["Workers R2 Storage Bucket Item Write"] : null,
- ])
- resources = local.resources
- }
+ policies = [{
+ effect = "allow"
+ resources = local.resources
+ permission_groups = [for x in local.permission_id_list : { id = x }]
+ }]
not_before = var.not_before != "" ? var.not_before : null
expires_on = var.expires_on != "" ? var.expires_on : null
- condition {
- request_ip {
+ condition = {
+ request_ip = {
in = var.condition_ip_in
not_in = var.condition_ip_not_in
}
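Review bot: `permission_id_list` (the `compact([...])` local) is empty when both `var.bucket_read` and `var.bucket_write` are false, so `permission_groups` in `policies` becomes `[]` and rejecting the token is left to the provider or API, presumably with an error that does not name the two inputs. A precondition on `cloudflare_api_token.token` would fail at plan time with a clear message; preconditions need Terraform 1.2, which matches the minimum stated in the README. The resource body continues past the end of this hunk, so check that it has no existing `lifecycle` block before adding one. Separately, `r2_api_permissions` keys its map by `x.name`, which would raise a duplicate-key error if the list ever returned two groups with the same name; a one-line comment there, such as `# ids are resolved by permission-group display name; a missing name fails the lookup at plan time`, would help the next reader.

```hcl
resource "cloudflare_api_token" "token" {
  # … unchanged: name, policies, not_before, expires_on, condition …
  lifecycle {
    precondition {
      condition     = length(local.permission_id_list) > 0
      error_message = "At least one of bucket_read or bucket_write must be true."
    }
  }
```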