cloudflare
diff --git a/‎e2e/drift-exemptions/zero_trust_device_posture_integration.yaml‎
Lines changed: 22 additions & 0 deletions b/‎e2e/drift-exemptions/zero_trust_device_posture_integration.yaml‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎integration/v4_to_v5/testdata/zero_trust_device_posture_integration/expected/device_posture_integration.tf‎
Lines changed: 93 additions & 15 deletions b/‎integration/v4_to_v5/testdata/zero_trust_device_posture_integration/expected/device_posture_integration.tf‎
Lines changed: 93 additions & 15 deletions
diff --git a/‎integration/v4_to_v5/testdata/zero_trust_device_posture_integration/expected/device_posture_integration_e2e.tf‎
Lines changed: 74 additions & 14 deletions b/‎integration/v4_to_v5/testdata/zero_trust_device_posture_integration/expected/device_posture_integration_e2e.tf‎
Lines changed: 74 additions & 14 deletions
@@ -0,0 +1,22 @@
+# Drift Exemptions for zero_trust_device_posture_integration resource
+#
+# Resource-specific exemptions for cloudflare_zero_trust_device_posture_integration
+#
+# SDK v2 stores unset optional fields as empty strings (""), while Framework stores
+# them as null. During migration, these fields are converted from "" to null to match
+# Framework behavior, which causes expected initial drift.
+
+version: 1
+
+exemptions:
+  # ONLY empty string to null conversions - no other drift allowed
+  - name: "empty_string_to_null_only"
+    description: "Allow ONLY empty string to null conversions (SDK v2 -> Framework)"
+    patterns:
+      - '"".*->.*null'
+      - '-> null # forces replacement'
+    enabled: true
+
+settings:
+  apply_exemptions: true
+  verbose_exemptions: false
@@ -23,6 +23,35 @@ locals {
   ws1_auth_url       = "https://na.uemauth.vmwservices.com/connect/token"
 }
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Total resource instances:
+# - map_integrations: 3 (workspace_one, crowdstrike, uptycs)
+# - set_integrations: 3 (intune, kolide, sentinelone_s2s)
+# - count_integrations: 3
+# - conditional: 2
+# - primary: 1
+# - secondary: 1
+# - lifecycle_test: 1
+# - prevent_destroy: 1
+# - function_test: 1
+# - minimal: 1
+# - all_fields: 1
+# - no_interval: 1
+# - dynamic_test: 1
+# TOTAL: 20 resource instances
+
 # Pattern 3: for_each with maps (3-5 resources)
 resource "cloudflare_zero_trust_device_posture_integration" "map_integrations" {
   for_each = {
@@ -65,6 +94,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "map_integrations" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.map_integrations
+  to   = cloudflare_zero_trust_device_posture_integration.map_integrations
+}
+
 # Pattern 4: for_each with sets (3-5 items)
 resource "cloudflare_zero_trust_device_posture_integration" "set_integrations" {
   for_each = toset(["intune", "kolide", "sentinelone_s2s"])
@@ -80,6 +114,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "set_integrations" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.set_integrations
+  to   = cloudflare_zero_trust_device_posture_integration.set_integrations
+}
+
 # Pattern 5: count-based resources (at least 3)
 resource "cloudflare_zero_trust_device_posture_integration" "count_integrations" {
   count = 3
@@ -96,6 +135,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "count_integrations"
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.count_integrations
+  to   = cloudflare_zero_trust_device_posture_integration.count_integrations
+}
+
 # Pattern 6: Conditional resource creation (count with ternary)
 resource "cloudflare_zero_trust_device_posture_integration" "conditional" {
   count = var.enable_integrations ? 2 : 0
@@ -111,6 +155,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "conditional" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.conditional
+  to   = cloudflare_zero_trust_device_posture_integration.conditional
+}
+
 # Pattern 7: Cross-resource references
 resource "cloudflare_zero_trust_device_posture_integration" "primary" {
   account_id = var.cloudflare_account_id
@@ -126,6 +175,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "primary" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.primary
+  to   = cloudflare_zero_trust_device_posture_integration.primary
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "secondary" {
   # References the primary integration's name
   account_id = var.cloudflare_account_id
@@ -140,6 +194,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "secondary" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.secondary
+  to   = cloudflare_zero_trust_device_posture_integration.secondary
+}
+
 # Pattern 8: Lifecycle meta-arguments
 resource "cloudflare_zero_trust_device_posture_integration" "lifecycle_test" {
   account_id = var.cloudflare_account_id
@@ -161,6 +220,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "lifecycle_test" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.lifecycle_test
+  to   = cloudflare_zero_trust_device_posture_integration.lifecycle_test
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "prevent_destroy" {
   account_id = var.cloudflare_account_id
   name       = "${local.integration_prefix}-prevent-destroy"
@@ -179,6 +243,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "prevent_destroy" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.prevent_destroy
+  to   = cloudflare_zero_trust_device_posture_integration.prevent_destroy
+}
+
 # Pattern 9: Terraform functions
 resource "cloudflare_zero_trust_device_posture_integration" "function_test" {
   account_id = var.cloudflare_account_id
@@ -194,6 +263,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "function_test" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.function_test
+  to   = cloudflare_zero_trust_device_posture_integration.function_test
+}
+
 # Additional edge cases
 resource "cloudflare_zero_trust_device_posture_integration" "minimal" {
   account_id = var.cloudflare_account_id
@@ -206,6 +280,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "minimal" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.minimal
+  to   = cloudflare_zero_trust_device_posture_integration.minimal
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "all_fields" {
   account_id = var.cloudflare_account_id
   name       = "${local.integration_prefix}-all-fields"
@@ -224,6 +303,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "all_fields" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.all_fields
+  to   = cloudflare_zero_trust_device_posture_integration.all_fields
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "no_interval" {
   account_id = var.cloudflare_account_id
   name       = "${local.integration_prefix}-no-interval"
@@ -236,6 +320,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "no_interval" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.no_interval
+  to   = cloudflare_zero_trust_device_posture_integration.no_interval
+}
+
 # Dynamic block example
 resource "cloudflare_zero_trust_device_posture_integration" "dynamic_test" {
   account_id = var.cloudflare_account_id
@@ -253,18 +342,7 @@ resource "cloudflare_zero_trust_device_posture_integration" "dynamic_test" {
   }
 }
 
-# Total resource instances:
-# - map_integrations: 3 (workspace_one, crowdstrike, uptycs)
-# - set_integrations: 3 (intune, kolide, sentinelone_s2s)
-# - count_integrations: 3
-# - conditional: 2
-# - primary: 1
-# - secondary: 1
-# - lifecycle_test: 1
-# - prevent_destroy: 1
-# - function_test: 1
-# - minimal: 1
-# - all_fields: 1
-# - no_interval: 1
-# - dynamic_test: 1
-# TOTAL: 20 resource instances
+moved {
+  from = cloudflare_device_posture_integration.dynamic_test
+  to   = cloudflare_zero_trust_device_posture_integration.dynamic_test
+}
@@ -42,6 +42,31 @@ locals {
   e2e_prefix = "tf-e2e-migrate"
 }
 
+
+
+
+
+
+
+
+
+
+
+# Summary of E2E Test Cases:
+# Total: 13 resource instances (1 + 1 + 1 + 1 + 2 + 2 + 2 + 1 + 1 + 1)
+#
+# Coverage:
+# - Deprecated resource name rename: 6 instances (deprecated_name, with_identifier, foreach_deprecated x2, primary, with_comments)
+# - Current resource name (no rename): 7 instances (current_name, no_interval, count_test x2, secondary, lifecycle_test)
+# - Identifier field removal: 1 instance (with_identifier)
+# - Different interval values: All instances (1h, 2h, 6h, 12h, 24h, 168h)
+# - Config block → attribute: All instances
+# - Count-based: 2 instances (count_test[0], count_test[1])
+# - for_each with map: 2 instances (foreach_deprecated["hourly"], foreach_deprecated["daily"])
+# - Cross-resource references: 2 instances (primary, secondary)
+# - Lifecycle meta-arguments: 1 instance (lifecycle_test)
+# - Comments preservation: 1 instance (with_comments)
+
 # Test Case 1: Deprecated resource name with all fields
 # Tests: cloudflare_device_posture_integration → cloudflare_zero_trust_device_posture_integration rename
 # Tests: config block → attribute transformation
@@ -59,6 +84,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "deprecated_name" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.deprecated_name
+  to   = cloudflare_zero_trust_device_posture_integration.deprecated_name
+}
+
 # Test Case 2: Current resource name with all fields
 # Tests: No resource name change (already using current name)
 # Tests: config block → attribute transformation
@@ -76,6 +106,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "current_name" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.current_name
+  to   = cloudflare_zero_trust_device_posture_integration.current_name
+}
+
 # Test Case 3: Non-standard interval value
 # Tests: Various interval formats (not just 24h)
 # Tests: config block → attribute transformation
@@ -93,6 +128,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "no_interval" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.no_interval
+  to   = cloudflare_zero_trust_device_posture_integration.no_interval
+}
+
 # Test Case 4: With deprecated identifier field
 # Tests: identifier field is removed during migration
 # Tests: Deprecated resource name → current name
@@ -111,6 +151,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "with_identifier" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.with_identifier
+  to   = cloudflare_zero_trust_device_posture_integration.with_identifier
+}
+
 # Test Case 5: Count-based resources
 # Tests: Multiple resources with count
 # Tests: Different interval values
@@ -131,6 +176,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "count_test" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.count_test
+  to   = cloudflare_zero_trust_device_posture_integration.count_test
+}
+
 # Test Case 6: for_each with map
 # Tests: for_each with map iteration
 # Tests: Variable interval values
@@ -154,6 +204,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "foreach_deprecated"
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.foreach_deprecated
+  to   = cloudflare_zero_trust_device_posture_integration.foreach_deprecated
+}
+
 # Test Case 7: Cross-resource reference
 # Tests: References between resources work after migration
 # Tests: Deprecated name → current name for referenced resource
@@ -171,6 +226,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "primary" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.primary
+  to   = cloudflare_zero_trust_device_posture_integration.primary
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "secondary" {
   account_id = var.cloudflare_account_id
   name       = "${cloudflare_zero_trust_device_posture_integration.primary.name}-secondary"
@@ -185,6 +245,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "secondary" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.secondary
+  to   = cloudflare_zero_trust_device_posture_integration.secondary
+}
+
 # Test Case 8: Lifecycle meta-arguments
 # Tests: Lifecycle blocks are preserved during migration
 # Tests: config block → attribute transformation with lifecycle
@@ -206,6 +271,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "lifecycle_test" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.lifecycle_test
+  to   = cloudflare_zero_trust_device_posture_integration.lifecycle_test
+}
+
 # Test Case 9: Comments preservation
 # Tests: Comments are preserved during migration
 resource "cloudflare_zero_trust_device_posture_integration" "with_comments" {
@@ -224,17 +294,7 @@ resource "cloudflare_zero_trust_device_posture_integration" "with_comments" {
   }
 }
 
-# Summary of E2E Test Cases:
-# Total: 13 resource instances (1 + 1 + 1 + 1 + 2 + 2 + 2 + 1 + 1 + 1)
-#
-# Coverage:
-# - Deprecated resource name rename: 6 instances (deprecated_name, with_identifier, foreach_deprecated x2, primary, with_comments)
-# - Current resource name (no rename): 7 instances (current_name, no_interval, count_test x2, secondary, lifecycle_test)
-# - Identifier field removal: 1 instance (with_identifier)
-# - Different interval values: All instances (1h, 2h, 6h, 12h, 24h, 168h)
-# - Config block → attribute: All instances
-# - Count-based: 2 instances (count_test[0], count_test[1])
-# - for_each with map: 2 instances (foreach_deprecated["hourly"], foreach_deprecated["daily"])
-# - Cross-resource references: 2 instances (primary, secondary)
-# - Lifecycle meta-arguments: 1 instance (lifecycle_test)
-# - Comments preservation: 1 instance (with_comments)
+moved {
+  from = cloudflare_device_posture_integration.with_comments
+  to   = cloudflare_zero_trust_device_posture_integration.with_comments
+}