cloudflare · SirCortly · Mar 4, 2026 · Feb 24, 2026
diff --git a/e2e/drift-exemptions/zero_trust_device_posture_integration.yaml b/e2e/drift-exemptions/zero_trust_device_posture_integration.yaml
@@ -0,0 +1,22 @@
+# Drift Exemptions for zero_trust_device_posture_integration resource
+#
+# Resource-specific exemptions for cloudflare_zero_trust_device_posture_integration
+#
+# SDK v2 stores unset optional fields as empty strings (""), while Framework stores
+# them as null. During migration, these fields are converted from "" to null to match
+# Framework behavior, which causes expected initial drift.
+
+version: 1
+
+exemptions:
+  # ONLY empty string to null conversions - no other drift allowed
+  - name: "empty_string_to_null_only"
+    description: "Allow ONLY empty string to null conversions (SDK v2 -> Framework)"
+    patterns:
+      - '"".*->.*null'
+      - '-> null # forces replacement'
+    enabled: true
+
+settings:
+  apply_exemptions: true
+  verbose_exemptions: false
diff --git a/..._v5/testdata/zero_trust_device_posture_integration/expected/device_posture_integration.tf b/..._v5/testdata/zero_trust_device_posture_integration/expected/device_posture_integration.tf
@@ -23,6 +23,35 @@ locals {
   ws1_auth_url       = "https://na.uemauth.vmwservices.com/connect/token"
 }
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Total resource instances:
+# - map_integrations: 3 (workspace_one, crowdstrike, uptycs)
+# - set_integrations: 3 (intune, kolide, sentinelone_s2s)
+# - count_integrations: 3
+# - conditional: 2
+# - primary: 1
+# - secondary: 1
+# - lifecycle_test: 1
+# - prevent_destroy: 1
+# - function_test: 1
+# - minimal: 1
+# - all_fields: 1
+# - no_interval: 1
+# - dynamic_test: 1
+# TOTAL: 20 resource instances
+
 # Pattern 3: for_each with maps (3-5 resources)
 resource "cloudflare_zero_trust_device_posture_integration" "map_integrations" {
   for_each = {
@@ -65,6 +94,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "map_integrations" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.map_integrations
+  to   = cloudflare_zero_trust_device_posture_integration.map_integrations
+}
+
 # Pattern 4: for_each with sets (3-5 items)
 resource "cloudflare_zero_trust_device_posture_integration" "set_integrations" {
   for_each = toset(["intune", "kolide", "sentinelone_s2s"])
@@ -80,6 +114,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "set_integrations" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.set_integrations
+  to   = cloudflare_zero_trust_device_posture_integration.set_integrations
+}
+
 # Pattern 5: count-based resources (at least 3)
 resource "cloudflare_zero_trust_device_posture_integration" "count_integrations" {
   count = 3
@@ -96,6 +135,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "count_integrations"
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.count_integrations
+  to   = cloudflare_zero_trust_device_posture_integration.count_integrations
+}
+
 # Pattern 6: Conditional resource creation (count with ternary)
 resource "cloudflare_zero_trust_device_posture_integration" "conditional" {
   count = var.enable_integrations ? 2 : 0
@@ -111,6 +155,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "conditional" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.conditional
+  to   = cloudflare_zero_trust_device_posture_integration.conditional
+}
+
 # Pattern 7: Cross-resource references
 resource "cloudflare_zero_trust_device_posture_integration" "primary" {
   account_id = var.cloudflare_account_id
@@ -126,6 +175,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "primary" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.primary
+  to   = cloudflare_zero_trust_device_posture_integration.primary
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "secondary" {
   # References the primary integration's name
   account_id = var.cloudflare_account_id
@@ -140,6 +194,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "secondary" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.secondary
+  to   = cloudflare_zero_trust_device_posture_integration.secondary
+}
+
 # Pattern 8: Lifecycle meta-arguments
 resource "cloudflare_zero_trust_device_posture_integration" "lifecycle_test" {
   account_id = var.cloudflare_account_id
@@ -161,6 +220,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "lifecycle_test" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.lifecycle_test
+  to   = cloudflare_zero_trust_device_posture_integration.lifecycle_test
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "prevent_destroy" {
   account_id = var.cloudflare_account_id
   name       = "${local.integration_prefix}-prevent-destroy"
@@ -179,6 +243,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "prevent_destroy" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.prevent_destroy
+  to   = cloudflare_zero_trust_device_posture_integration.prevent_destroy
+}
+
 # Pattern 9: Terraform functions
 resource "cloudflare_zero_trust_device_posture_integration" "function_test" {
   account_id = var.cloudflare_account_id
@@ -194,6 +263,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "function_test" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.function_test
+  to   = cloudflare_zero_trust_device_posture_integration.function_test
+}
+
 # Additional edge cases
 resource "cloudflare_zero_trust_device_posture_integration" "minimal" {
   account_id = var.cloudflare_account_id
@@ -206,6 +280,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "minimal" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.minimal
+  to   = cloudflare_zero_trust_device_posture_integration.minimal
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "all_fields" {
   account_id = var.cloudflare_account_id
   name       = "${local.integration_prefix}-all-fields"
@@ -224,6 +303,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "all_fields" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.all_fields
+  to   = cloudflare_zero_trust_device_posture_integration.all_fields
+}
+
 resource "cloudflare_zero_trust_device_posture_integration" "no_interval" {
   account_id = var.cloudflare_account_id
   name       = "${local.integration_prefix}-no-interval"
@@ -236,6 +320,11 @@ resource "cloudflare_zero_trust_device_posture_integration" "no_interval" {
   }
 }
 
+moved {
+  from = cloudflare_device_posture_integration.no_interval
+  to   = cloudflare_zero_trust_device_posture_integration.no_interval
+}
+
 # Dynamic block example
 resource "cloudflare_zero_trust_device_posture_integration" "dynamic_test" {
   account_id = var.cloudflare_account_id
@@ -253,18 +342,7 @@ resource "cloudflare_zero_trust_device_posture_integration" "dynamic_test" {
   }
 }
 
-# Total resource instances:
-# - map_integrations: 3 (workspace_one, crowdstrike, uptycs)
-# - set_integrations: 3 (intune, kolide, sentinelone_s2s)
-# - count_integrations: 3
-# - conditional: 2
-# - primary: 1
-# - secondary: 1
-# - lifecycle_test: 1
-# - prevent_destroy: 1
-# - function_test: 1
-# - minimal: 1
-# - all_fields: 1
-# - no_interval: 1
-# - dynamic_test: 1
-# TOTAL: 20 resource instances
+moved {
+  from = cloudflare_device_posture_integration.dynamic_test
+  to   = cloudflare_zero_trust_device_posture_integration.dynamic_test
+}