cf-terraforming icon indicating copy to clipboard operation
cf-terraforming copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

cloudflare_zone list all zones even if particular account is specified

Open Arnall opened this issue 3 years ago • 0 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the library and it is still present.

cf-terraforming version

v0.8.2

Expected outcome

when using cf-terraforming generate --resource-type cloudflare_zone --account 0123456789abcdef I expect having zones for the specified account:

resource "cloudflare_zone" "terraform_managed_resource_a7eb80xxxxxxxxxf24ffe" {
  account_id = "0123456789abcdef"
  paused     = false
  plan       = "enterprise"
  type       = "partial"
  zone       = "example1.com"
}

Actual outcome

I have all the zones listed with the same account_id attribute even if the zone belong to another account.

resource "cloudflare_zone" "terraform_managed_resource_a7eb80xxxxxxxxxf24ffe" {
  account_id = "0123456789abcdef"
  paused     = false
  plan       = "enterprise"
  type       = "partial"
  zone       = "example1.com"
}

resource "cloudflare_zone" "terraform_managed_resource_74b44xxxxxxxx79e01b" {
  account_id = "0123456789abcdef"
  paused     = false
  plan       = "enterprise"
  type       = "partial"
  zone       = "anotheraccount1.net"
}

resource "cloudflare_zone" "terraform_managed_resource_4d41b2ef0575xxxxxxxx05e83d3" {
  account_id = "0123456789abcdef"
  paused     = false
  plan       = "enterprise"
  type       = "partial"
  zone       = "anotheraccount2.net"
}

with generate -v:

cloudflare-go [DEBUG] REQUEST Method:GET URI:https://api.cloudflare.com/client/v4/zones?per_page=50 Headers:http.Header(nil) Body:<nil>
cloudflare-go [DEBUG] RESPONSE StatusCode:200 Body:"{\"result\":...
cloudflare-go [DEBUG] REQUEST Method:GET URI:https://api.cloudflare.com/client/v4/zones?page=2&per_page=50 Headers:http.Header(nil) Body:<nil>
cloudflare-go [DEBUG] RESPONSE StatusCode:200 Body:"{\"result\"...

we can see that the account id is not used in the API Call (https://api.cloudflare.com/#zone-list-zones account.id can be used to filter the results). Also

"account": {
                "id": "<account_id>",
                "name": "Account Name"
            }

is not used to fill the results so we have the account id passed in the command line in every zones. If we do not specify an account id in the command line the account_id attribute just do not appears:

resource "cloudflare_zone" "terraform_managed_resource_a7eb80xxxxxxxxxf24ffe" {
  paused     = false
  plan       = "enterprise"
  type       = "partial"
  zone       = "example1.com"
}

Steps to reproduce

  1. Token with Account.Access: Apps and Policies permission on all account.
  2. export CLOUDFLARE_API_TOKEN="<token>"
  3. cf-terraforming generate --resource-type cloudflare_zone --account <specific_account_id>

References

No response

Arnall avatar Aug 29 '22 14:08 Arnall