fix(zero_trust_device_posture_rule): preserve input.version and other…#6500
Merged
tamas-jozsa merged 1 commit intonextfrom Nov 28, 2025
Merged
fix(zero_trust_device_posture_rule): preserve input.version and other…#6500tamas-jozsa merged 1 commit intonextfrom
tamas-jozsa merged 1 commit intonextfrom
Conversation
… fields not returned by API The API doesn't return all configured input fields in Read responses, causing drift. This preserves input.version (critical), input.enabled cleanup, and additional fields (path, sha256, os_distro_*) from current state when API omits them. Fixes perpetual drift for firewall and os_version posture rules.
Merged
tamas-jozsa
added a commit
that referenced
this pull request
Nov 28, 2025
… fields (#6500) not returned by API The API doesn't return all configured input fields in Read responses, causing drift. This preserves input.version (critical), input.enabled cleanup, and additional fields (path, sha256, os_distro_*) from current state when API omits them. Fixes perpetual drift for firewall and os_version posture rules.
vaishakdinesh
added a commit
that referenced
this pull request
Dec 6, 2025
* codegen metadata * chore(zone): update migration tests (#6468) Updates `cloudflare_zone` migration tests to use `tf-migrate` instead of `cmd/migrate`. * feat: feat: BOTS-7562 add bot management feedback endpoints to stainless config (prod) * feat: BOTS-7562 add bot management feedback endpoints to stainless config (prod) * feat: chore: point Terraform to Go 'next' * chore: point Terraform to Go 'next' * chore(api): update composite API spec * chore(internal): codegen related update * fix(zone): datasource model schema parity (#6487) * fix(zone): make datasource's zone ID computed optional Resolves #6129 * test(zone): fix datasource model/schema parity Updates the `ZonesAccountDataSourceModel` type be useful for both filters and decerilization. * feat: feat(radar): Add origins endpoints to public api docs * chore(account_tokens): adding a simple CRUD test (#6484) * adding a simple CRUD test fo account tokens * add a test file * feat: chore(api_shield_discovery_operation): Deprecate api_shield_discovery_operation * chore(cloudflare_api_shield_operation): Add acceptance tests (#6491) * test: Add acceptance tests for cloudflare_api_shield_operation * chore: Add CI acceptance tests for api_shield_operation * chore(internal): codegen related update * chore(logpush_job): add v4 to v5 migration tests (#6483) * codegen metadata * add migration test for logpush_job * add zone level logpush jobs to sweeper * use MigrationV2TestStep, use zone level job for instant-logs test * handle instant-logs being returned from the API despite not being a valid config value * rename resource test name to be consistent --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> * fix(pages_project): use correct field name in test sweeper The Pages API response type uses "Name" instead of "ProjectName". Update the test sweeper to access the correct field from "ProjectListResponse". Fixes compilation error: deployment.ProjectName undefined (type pages.ProjectListResponse has no field or method ProjectName) * fix(zero_trust_device_posture_rule): preserve input.version and other fields (#6500) not returned by API The API doesn't return all configured input fields in Read responses, causing drift. This preserves input.version (critical), input.enabled cleanup, and additional fields (path, sha256, os_distro_*) from current state when API omits them. Fixes perpetual drift for firewall and os_version posture rules. * feat: feat(r2_data_catalog): Configure SDKs/Terraform to use R2 Data Catalog routes * feat(r2_data_catalog): Configure SDKs/Terraform to use R2 Data Catalog routes * DS-15730: Re-enable logpush_dataset_field data source and add acceptance test (#6499) Co-authored-by: Henry Clausen <hclausen@cloudflare.com> * DS-15566: Add logpush_job acceptance test for filter update (#6498) Co-authored-by: Henry Clausen <hclausen@cloudflare.com> * chore(internal): codegen related update * Update Subscription and Subscription.RatePlan schema in order to satisfy terraform to no detect changes on no changes to the config (#6497) * BILLSUB-247 CUSTESC-57375 fix drift issues after apply causing idempotency issues on subsequent applies * BILLSUB-247 CUSTESC-57375 fix wrong computed_optional syntax * Fix zone_subscription Sets field type mismatch --------- Co-authored-by: Sui Mak <sui@cloudflare.com> * feat: improve and standardize sweepers (#6501) * fix(zero_trust_device_posture_rule): preserve input.version and other fields (#6503) not returned by API The API doesn't return all configured input fields in Read responses, causing drift. This preserves input.version (critical), input.enabled cleanup, and additional fields (path, sha256, os_distro_*) from current state when API omits them. Fixes perpetual drift for firewall and os_version posture rules. * chore(internal): codegen related update * chore(zero_trust_device_managed_networks): add tests (#6463) * chore(zero_trust_device_default_profile_local_domain_fallback): add tests (#6464) * chore(zero_trust_device_posture_integration): update tests for to test with Crowdstrike (#6470) * fix(zone_subscription|account_subscription): add partners_ent as valid enum for rate_plan.id (#6505) * fix: add partners_ent as valid enum for rate_plan.id * fix: remove partners_enterprise enum from account subscription --------- Co-authored-by: Sui Mak <sui@cloudflare.com> * chore(api): update composite API spec * chore(internal): codegen related update * chore(internal): codegen related update * feat: add v4->v5 migration tests for pages_project and adjust schema (#6506) * fix: update import signature to accept account_id/subscription_id in order to import account subscription (#6510) Co-authored-by: Sui Mak <sui@cloudflare.com> * fix: r2 sweeper (#6512) * chore(internal): codegen related update * codegen metadata * chore(internal): codegen related update * chore(internal): codegen related update * codegen metadata * feat: chore: update go sdk to v6.4.0 for provider release * chore: skip invalid change detection * chore: update go sdk to v6.4.0 * fix(workers_script): resource drift when worker has unmanaged secret (#6504) Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> * fix(workers_script): No longer treating the migrations attribute as WriteOnly (#6489) * codegen metadata * wip: moving migrations to be a write-only attribute --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> * chore(zero_trust_device_default|custom_profile): acceptance test coverage (#6511) * fix(account_members): making member policies a set (#6488) * ACCT-11111 making member policies a set * fixing test resource name * removing unnecessary * removing unnecessary * correct client version * fixing resource names and sweeping * manual cleanup of test resources * making resource groups and perm groups sets * fix(tests): resolve SDK v6 migration test failures (#6507) - Change global test resource prefix from cf-tf-test- to cftftest_ to fix API name validation errors (fixes list, list_item, snippet) - Add certificate_pack hosts order-insensitive comparison in ModifyPlan to prevent unnecessary replacements - Add UseStateForUnknown() plan modifier to certificate_pack primary_certificate field - Add UseStateForUnknown() plan modifiers to pages_project deployment_configs fields (always_use_latest_compatibility_date, build_image_major_version, compatibility_date, fail_open) to prevent state drift Fixes test failures in: list, list_item, snippet, certificate_pack, pages_domain, pages_project * chore(tests): cloud connector rules parity tests and add connectivity_directory_service tests (#6513) * fix(cloud_connector_rules): datasource model schema parity * fix: rename e2e test for connectivity_directory_service * fix(account_member): use sdk to setup prereq * fix(cloud_connector_rules): model and schema --------- Co-authored-by: Eric Falcao <efalcao@cloudflare.com> * fix: decoder, build (#6514) * fix(test_utils): undefined func * fix(decoder): dont include fields with json tag - * chore(account_subscription): skip test * fix: decoder and tests (#6516) chore(account_member): dont run acceptance with env variable fix(utils): test assertions * chore(account_member): fix check for env var (#6517) * fix(workers_kv): ignore value import state verify (#6521) * fix(workers_kv): ignore value import state verify * chore(workers_kv): comment about why we're ignoring value * chore(account_member): skip until user is dsr enabled (#6522) * fix(pages_project): non empty refresh plans (#6515) * chore(docs): update documentation (#6523) * chore: update changelog (#6525) * release: 5.14.0 --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> Co-authored-by: Michael Girouard <206137+mgirouard@users.noreply.github.com> Co-authored-by: Steve Conrad <sconrad@cloudflare.com> Co-authored-by: cbertiercloudflare <cbertier@cloudflare.com> Co-authored-by: Sarah Sicard <18204584+ssicard@users.noreply.github.com> Co-authored-by: Tamas Jozsa <tamas@cloudflare.com> Co-authored-by: Henry Clausen <33390934+hc2116@users.noreply.github.com> Co-authored-by: Henry Clausen <hclausen@cloudflare.com> Co-authored-by: Sui Mak <smakys501@gmail.com> Co-authored-by: Sui Mak <sui@cloudflare.com> Co-authored-by: jlu-cloudflare <124198068+jlu-cloudflare@users.noreply.github.com> Co-authored-by: Rotem Atzaba <rotem@cloudflare.com> Co-authored-by: christhorwarth <chris.thorwarth@gmail.com> Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> Co-authored-by: Vaishak Dinesh <vaishakpdinesh@gmail.com> Co-authored-by: Eric Falcao <efalcao@cloudflare.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
… fields
not returned by API
The API doesn't return all configured input fields in Read responses,
causing
drift. This preserves input.version (critical), input.enabled cleanup, and
additional fields (path, sha256, os_distro_*) from current state when API
omits them.
Fixes perpetual drift for firewall and os_version posture rules.
Changes being requested
Acceptance test run results
Steps to run acceptance tests
Test output
Additional context & links