cloudflare_zero_trust_access_xxx: migration from old resources to new resources

[kgusarov]

Confirmation

• [X] This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
• [X] I have searched the issue tracker and my issue isn't already found.
• [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform - 1.8.5 Provider - 4.40.0

Affected resource(s)

cloudflare_zero_trust_access_application cloudflare_zero_trust_access_service_token cloudflare_zero_trust_access_policy

Terraform configuration files

moved {
  from = cloudflare_access_service_token.token[0]
  to   = cloudflare_zero_trust_access_service_token.token[0]
}

moved {
  from = cloudflare_access_policy.policy[0]
  to   = cloudflare_zero_trust_access_policy.policy[0]
}

moved {
  from = cloudflare_access_application.access_application[0]
  to   = cloudflare_zero_trust_access_application.access_application[0]
}

Link to debug output

N/A - not supported in corporate CI

Panic output

No response

Expected output

Old resources migrated to new resource types

Actual output

• The "cloudflare_zero_trust_access_policy" resource type does not support moving resource state across resource types.
• The "cloudflare_zero_trust_access_application" resource type does not support moving resource state across resource types.
• The "cloudflare_zero_trust_access_service_token" resource type does not support moving resource state across resource types.

Steps to reproduce

1. Create deprecated access resources.
2. Migrate them to new types using moved keyword

Additional factoids

No response

References

https://github.com/cloudflare/terraform-provider-cloudflare/pull/3584

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions[bot]]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[jacobbednarz]

moving resources between types is not supported in SDKv2 (framework only has support in 1.8+). while we may look at this for newer resources, it's not something that can be implemented today. i recommend following the Terraform guidance for moving/renames of resources in your configuration either by using a two phase approach or state mv directly.