Releases: cloudflare/tf-migrate
Releases · cloudflare/tf-migrate
Release list
v1.0.1
v1.0.0
Changelog
First generally available release. Includes all changes from v1.0.0-beta.1 through v1.0.0-beta.12.
Supported Migration Paths
- v4 → v5: 80+ Cloudflare Terraform Provider resource types. See the supported resources table for the complete list.
- v5 → v5: Bypass mode — generates
moved {}blocks only, for provider-level schema moves within v5.
Highlights
- Automatic
.tfconfiguration transformation — resource renames, attribute changes, block restructuring,moved {}/import {}/removed {}block generation - Cross-file reference rewriting — updates resource type names, attribute references, and computed attribute references across all
.tffiles in the config directory - Phased migration for
cloudflare_zone_settings_override— handles state cleanup viaremoved {}blocks without requiringterraform state rm, compatible with Atlantis-managed workspaces - Pre-migration preflight scan — classifies all resources before transformation, warns about unsupported types and conflicting
moved {}blocks verify-driftcommand — readsterraform planoutput and classifies each change as expected or unexpected using embedded drift exemptions- Dry-run mode (
--dry-run) — previews all changes without modifying files - Recursive directory support (
--recursive) for module structures - Verbose diagnostics (
--verbose) and in-file# MIGRATION WARNINGcomments for changes requiring manual follow-up - Automatic provider version update in
required_providers(fetched from GitHub API, with--target-provider-versionoverride for air-gapped or CI environments) - Minimum provider version enforcement — blocks migration if v4 provider is below v4.52.5
- Backup files created by default; disable with
--no-backup - E2E test infrastructure — full lifecycle tests against real Cloudflare infrastructure with R2-backed remote state
v1.0.0-beta.12
Changelog
Features
- ac21872 feat(drift): add pages_project exemptions for build image version and env_vars drift (#278)
- 1f7497f feat: issue templates (#284)
Bug Fixes
- 0680bff fix(ruleset): convert action_parameters.rules map values from strings to lists (#277)
- 4ce7595 fix(split_tunnel): consolidate repeated warnings into a single actionable diagnostic (#280)
- 588d1c9 fix(zero_trust_list): handle comments, blank lines, for expressions, and references in items array (#279)
- dc68722 fix(zero_trust_list): migrate items_with_description written as attribute (#281)
- ec94a34 fix(zero_trust_local_fallback_domain): convert dynamic "domains" blocks to for-expressions (#282)
v1.0.0-beta.11
Changelog
Features
- cec7b31 feat(zero_trust_access_application): filter type-gated attributes (#267)
- 733d50b feat: add --exclude flag and change --recursive default to false (#271)
- 81eeb26 feat: add cloudflare_worker_secret migration support (#265)
- 6b6a2e4 feat: add computed attribute rewrite support for cross-file references (#266)
- d9e857d feat: consolidate duplicate warnings and move informational logs behind
--verboseflag (#272) - cadcb43 feat: fix minor bugs (#273)
Bug Fixes
- 4031a10 fix: E2E tests, a bit of this and that (#268)
- 3c20f74 fix: access app ref (#270)
- 09c366a fix: sort api_token permission_groups to match v5 provider canonical ordering (#276)
Others
v1.0.0-beta.10
Changelog
Features
Bug Fixes
- b3feb67 fix: audit schema for edge cases and nested fields (#258)
- 30a1876 fix: bugs from local testing (#253)
- 88b945f fix: zero trust list with same v5 name in v4 (#257)
Others
- 70e600c Fix e2e v4 version (#262)
- 7fcd2ba Migration UX improvements and bug fixes (#254)
- e91cc66 Migration fixes (#256)
- 04820ce chore(zero_trust_access_policy): extra test case (#259)
- 3486b1a chore(zero_trust_access_policy): v5 name test case (#261)
- 0d1130b fix(e2e-runner): resolve <zone_id> placeholder in hoisted import blocks (#255)
v1.0.0-beta.8
v1.0.0-beta.7
v1.0.0-beta.6
Changelog
Features
- 3d5df59 feat: add support for multiple v4 names in GetResourceRename (#231)
- 772c1f3 feat: phased migration for
cloudflare_zone_settings_override— no moreterraform state rm(#246) - 91dcb1c feat: v5 e2e test runner (#247)
Bug Fixes
- f24c5eb fix: extract
profile_idfrom import-address annotation for predefined DLP profiles + Atlantis migration guide (#245) - 6309bcf fix(ci): add missing env vars (#242)
- 2e792a0 fix(docs): update docs (#243)
- 554cee4 fix(e2e): add e2e-specific testdata to exclude resources that need real API credentials
- e6a6d8f fix: resolve access policy and AOP certificate migration bugs (#248)
- b117a4d fix: resolve research team migration issues (TKT-001, TKT-004)
Others
- 08c31fc Migration fixes (#249)
- 6ac76f1 Zero trust gateway certificate fix (#240)
- 43794b3 feat(verify-drift): add verify-drift subcommand for post-migration plan validation (#236)
- 9c88e7f fix(drift-exemptions): exempt conditional_access_enabled false->null for identity providers (#239)
- 6d63ea4 fix(load_balancer,healthcheck,zero_trust_gateway_settings): address migration coverage gaps (#238)
- 5843ace refactor: remove TransformState pipeline — state migration now fully provider-driven (#241)
- d8b90f5 refactor: replace StateTypeRenames side-channel with PerInstanceTypeRouter interface (#237)