Merge branch 'main' into feat/healthcheck-v4-to-v5-migration

Author: ssicard

.github/workflows/ci.yml

@@ -0,0 +1,103 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - '**'  # Run on all branches
+  pull_request:
+    branches:
+      - '**'  # Run on PRs to any branch
+
+jobs:
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Get dependencies
+        run: |
+          go mod download
+          go mod tidy
+
+      - name: Run unit tests with coverage
+        run: |
+          go test -v -race -coverprofile=coverage.out -covermode=atomic ./internal/...
+          go test -v -race ./cmd/...
+
+      - name: Generate coverage report
+        run: |
+          echo "Coverage Report:"
+          go tool cover -func=coverage.out
+
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    needs: unit-tests
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Get dependencies
+        run: |
+          go mod download
+          go mod tidy
+
+      - name: Build tf-migrate
+        run: |
+          go build -o tf-migrate ./cmd/tf-migrate
+          ./tf-migrate version
+
+      - name: Run integration tests for v4 to v5
+        run: |
+          cd integration/v4_to_v5
+          go test -v -race -timeout 10m
+
+  e2e-tests:
+    name: E2E Tests
+    runs-on: ubuntu-latest
+    needs: integration-tests
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.9.8"
+
+      - name: Get dependencies
+        run: |
+          go mod download
+          go mod tidy
+
+      - name: Run E2E tests
+        env:
+          CLOUDFLARE_API_KEY: ${{ secrets.CLOUDFLARE_API_KEY }}
+          CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
+          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+        run: |
+          ./scripts/run-e2e-tests

.gitignore

@@ -0,0 +1,28 @@
+tf-migrate
+.terraformrc-tf-migrate
+
+# Local provider dev overrides
+.terraformrc-tf-migrate
+
+# E2E test files
+# Ignore v4 directory except provider.tf and backend.hcl
+e2e/tf/v4/*
+!e2e/tf/v4/provider.tf
+!e2e/tf/v4/backend.hcl
+
+# Migrated output
+e2e/migrated-v4_to_v5/
+
+# E2E test outputs
+e2e/tmp/
+
+# E2E test state files (stored in remote backend)
+e2e/tf/v4/terraform.tfstate*
+e2e/tf/v5/terraform.tfstate*
+
+# Backend configuration with secrets (generated at runtime)
+e2e/tf/v4/backend.configured.hcl
+
+# Backup files
+e2e/*.backup
+e2e/*.tfstate.backup

Makefile

@@ -0,0 +1,15 @@
+# tf-migrate Makefile
+
+BINARY_NAME := tf-migrate
+GO := go
+MAIN_PACKAGE := ./cmd/tf-migrate
+
+.PHONY: build test
+
+# Build the binary
+build:
+	$(GO) build -v -o $(BINARY_NAME) $(MAIN_PACKAGE)
+
+# Run unit tests
+test:
+	$(GO) test -v -race ./...

README.md

@@ -1 +1,207 @@
-# tf-migrate
+# tf-migrate - Cloudflare Terraform Provider Migration Tool
+
+A powerful CLI tool for automatically migrating Terraform configurations and state files between different versions of the Cloudflare Terraform Provider.
+
+## Overview
+
+`tf-migrate` helps you upgrade your Terraform infrastructure code by automatically transforming:
+- **Configuration files** (`.tf`) - Updates resource types, attribute names, and block structures
+- **State files** (`terraform.tfstate`) - Migrates resource state to match new provider schemas
+
+Currently supports migrations:
+- **v4 → v5**: Cloudflare Provider v4 to v5
+
+## Installation
+
+### Building from Source
+
+```bash
+# Clone the repository
+git clone <repository-url>
+cd tf-migrate
+
+# Build the binary
+make
+
+# The binary will be available as ./tf-migrate
+```
+
+### Requirements
+- Go 1.25 or later
+- Make
+- Terraform (for testing migrated configurations)
+
+## Usage
+
+### Authentication
+
+Some resource migrations require access to the Cloudflare API to complete the migration successfully. The tool supports two authentication methods:
+
+**Option 1: API Token (Recommended)**
+```bash
+export CLOUDFLARE_API_TOKEN="your-api-token"
+```
+
+**Option 2: API Key + Email**
+```bash
+export CLOUDFLARE_API_KEY="your-api-key"
+export CLOUDFLARE_EMAIL="your-email@example.com"
+```
+
+#### Resources Requiring Authentication
+
+The following resources require API credentials for complete migration:
+
+- `cloudflare_tunnel_route` → `cloudflare_zero_trust_tunnel_cloudflared_route`
+  - **Why**: The v4 provider stored network CIDR as the resource ID, but v5 requires the UUID from the API. The migration queries the API to fetch the correct UUID for your tunnel routes.
+  - **Without credentials**: The migration will still update resource types and attributes, but you'll need to run `terraform refresh` after migration to update the IDs.
+
+### Basic Migration
+
+Migrate all Terraform files in the current directory:
+
+```bash
+tf-migrate migrate --source-version v4 --target-version v5
+```
+
+### Migrate Specific Directory
+
+```bash
+tf-migrate migrate --config-dir ./terraform --source-version v4 --target-version v5
+```
+
+### Include State File Migration
+
+```bash
+tf-migrate migrate \
+  --config-dir ./terraform \
+  --state-file terraform.tfstate \
+  --source-version v4 \
+  --target-version v5
+```
+
+### Dry Run Mode
+
+Preview changes without modifying files:
+
+```bash
+tf-migrate migrate --dry-run --source-version v4 --target-version v5
+```
+
+### Migrate Specific Resources Only
+
+```bash
+tf-migrate migrate \
+  --resources dns_record,zero_trust_list \
+  --source-version v4 \
+  --target-version v5
+```
+
+### Output to Different Directory
+
+```bash
+tf-migrate migrate \
+  --config-dir ./terraform \
+  --output-dir ./terraform-v5 \
+  --state-file terraform.tfstate \
+  --output-state terraform-v5.tfstate \
+  --source-version v4 \
+  --target-version v5
+```
+
+## Command Reference
+
+### Global Flags
+
+| Flag | Description | Default |
+|------|-------------|---------|
+| `--config-dir` | Directory containing Terraform configuration files | Current directory |
+| `--state-file` | Path to Terraform state file | None |
+| `--source-version` | Source provider version (e.g., v4) | Required |
+| `--target-version` | Target provider version (e.g., v5) | Required |
+| `--resources` | Comma-separated list of resources to migrate | All resources |
+| `--dry-run` | Preview changes without modifying files | false |
+| `--log-level` | Set log level (debug, info, warn, error, off) | warn |
+
+### Migrate Command Flags
+
+| Flag | Description | Default |
+|------|-------------|---------|
+| `--output-dir` | Output directory for migrated configuration files | In-place |
+| `--output-state` | Output path for migrated state file | In-place |
+| `--backup` | Create backup of original files before migration | true |
+
+### Running Tests
+
+#### Unit Tests
+
+Run all unit tests:
+```bash
+go test ./...
+```
+
+Run tests for a specific package:
+```bash
+go test ./internal/resources/dns_record -v
+```
+
+Run with coverage:
+```bash
+go test ./... -cover
+```
+
+#### Integration Tests
+
+Integration tests verify the complete migration workflow using real configuration and state files.
+
+```bash
+# Run all v4 to v5 integration tests
+cd integration/v4_to_v5
+go test -v
+
+# Run tests for a specific resource
+go test -v -run TestV4ToV5Migration/DNSRecord
+
+# Test a single resource using environment variable
+TEST_RESOURCE=dns_record go test -v -run TestSingleResource
+
+# Run with detailed diff output (set KEEP_TEMP to see test directory)
+KEEP_TEMP=true TEST_RESOURCE=dns_record go test -v -run TestSingleResource
+```
+
+##### Test Organization
+
+Integration tests are organized by version migration path:
+- `integration/test_runner.go` - Shared test runner used by all version tests
+- `integration/v4_to_v5/` - Tests for v4 to v5 migrations
+  - `integration_test.go` - Test suite specific to v4→v5
+  - `testdata/` - Test fixtures for each resource
+- Future: `integration/v5_to_v6/` - Tests for v5 to v6 migrations
+  - `integration_test.go` - Test suite specific to v5→v6
+  - `testdata/` - Test fixtures for each resource
+
+Each version migration has its own test suite with explicit migration registration, while sharing the common test runner infrastructure.
+
+#### End-to-End Tests
+
+E2E tests validate the complete migration workflow with real Cloudflare resources. These tests:
+1. Apply v4 Terraform configs to create real infrastructure
+2. Run the migration tool to generate v5 configs
+3. Apply v5 configs and verify no changes are needed
+4. Compare v4 and v5 state to ensure equivalence
+
+**Requirements:**
+- Cloudflare API credentials for "Terraform Test" account (set as `CLOUDFLARE_API_KEY` and `CLOUDFLARE_EMAIL`)
+- Terraform installed
+
+```bash
+# Run all E2E tests
+./scripts/run-e2e-tests
+
+# Run E2E tests for specific resources only
+./scripts/run-e2e-tests --resources dns_record,api_token
+```
+
+**Output:**
+- Test logs saved to `e2e/tmp/*.log`
+- State snapshots saved to `e2e/tmp/*-state.json`