terraform-provider-cloudflare
terraform-provider-cloudflare copied to clipboard
cloudflare
`cloudflare_zone_setting` is missing some ids
Confirmation
- [x] This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
- [x] I have searched the issue tracker and my issue isn't already found.
- [x] I have replicated my issue using the latest version of the provider and it is still present.
Terraform and Cloudflare provider version
Terraform v1.11.1 on darwin_arm64
- provider registry.terraform.io/cloudflare/cloudflare v5.1.0
- provider registry.terraform.io/hashicorp/tls v4.0.6
Affected resource(s)
cloudflare_zone_setting
Terraform configuration files
resource "cloudflare_zone_setting" "filter_logs_to_cloudflare" {
zone_id = cloudflare_zone.ex_os_net_zone.id
setting_id = "filter_logs_to_cloudflare"
id = "filter_logs_to_cloudflare"
value = "off"
}
resource "cloudflare_zone_setting" "log_to_cloudflare" {
zone_id = cloudflare_zone.ex_os_net_zone.id
setting_id = "log_to_cloudflare"
id = "log_to_cloudflare"
value = "on"
}
resource "cloudflare_zone_setting" "visitor_ip" {
zone_id = cloudflare_zone.ex_os_net_zone.id
setting_id = "visitor_ip"
id = "visitor_ip"
value = "on"
}
Link to debug output
n/a
Panic output
No response
Expected output
Clean plan output
Actual output
Error: Invalid Attribute Value Match │ │ with cloudflare_zone_setting.filter_logs_to_cloudflare, │ on main.tf line 257, in resource "cloudflare_zone_setting" "filter_logs_to_cloudflare": │ 257: id = "filter_logs_to_cloudflare" │ │ Attribute id value must be one of: ["0rtt" "advanced_ddos" "aegis" │ "always_online" "always_use_https" "automatic_https_rewrites" "brotli" │ "browser_cache_ttl" "browser_check" "cache_level" "challenge_ttl" "ciphers" │ "cname_flattening" "development_mode" "early_hints" "edge_cache_ttl" │ "email_obfuscation" "h2_prioritization" "hotlink_protection" "http2" │ "http3" "image_resizing" "ip_geolocation" "ipv6" "max_upload" │ "min_tls_version" "mirage" "nel" "opportunistic_encryption" │ "opportunistic_onion" "orange_to_orange" "origin_error_page_pass_thru" │ "origin_h2_max_streams" "origin_max_http_version" "polish" │ "prefetch_preload" "privacy_pass" "proxy_read_timeout" "pseudo_ipv4" │ "replace_insecure_js" "response_buffering" "rocket_loader" │ "automatic_platform_optimization" "security_header" "security_level" │ "server_side_exclude" "sha1_support" "sort_query_string_for_cache" "ssl" │ "ssl_recommender" "tls_1_2_only" "tls_1_3" "tls_client_auth" │ "true_client_ip_header" "waf" "webp" "websockets"], got: │ "filter_logs_to_cloudflare" ╵ ╷ │ Error: Invalid Attribute Value Match │ │ with cloudflare_zone_setting.log_to_cloudflare, │ on main.tf line 264, in resource "cloudflare_zone_setting" "log_to_cloudflare": │ 264: id = "log_to_cloudflare" │ │ Attribute id value must be one of: ["0rtt" "advanced_ddos" "aegis" │ "always_online" "always_use_https" "automatic_https_rewrites" "brotli" │ "browser_cache_ttl" "browser_check" "cache_level" "challenge_ttl" "ciphers" │ "cname_flattening" "development_mode" "early_hints" "edge_cache_ttl" │ "email_obfuscation" "h2_prioritization" "hotlink_protection" "http2" │ "http3" "image_resizing" "ip_geolocation" "ipv6" "max_upload" │ "min_tls_version" "mirage" "nel" "opportunistic_encryption" │ "opportunistic_onion" "orange_to_orange" "origin_error_page_pass_thru" │ "origin_h2_max_streams" "origin_max_http_version" "polish" │ "prefetch_preload" "privacy_pass" "proxy_read_timeout" "pseudo_ipv4" │ "replace_insecure_js" "response_buffering" "rocket_loader" │ "automatic_platform_optimization" "security_header" "security_level" │ "server_side_exclude" "sha1_support" "sort_query_string_for_cache" "ssl" │ "ssl_recommender" "tls_1_2_only" "tls_1_3" "tls_client_auth" │ "true_client_ip_header" "waf" "webp" "websockets"], got: │ "log_to_cloudflare" ╵ ╷ │ Error: Invalid Attribute Value Match │ │ with cloudflare_zone_setting.visitor_ip, │ on main.tf line 320, in resource "cloudflare_zone_setting" "visitor_ip": │ 320: id = "visitor_ip" │ │ Attribute id value must be one of: ["0rtt" "advanced_ddos" "aegis" │ "always_online" "always_use_https" "automatic_https_rewrites" "brotli" │ "browser_cache_ttl" "browser_check" "cache_level" "challenge_ttl" "ciphers" │ "cname_flattening" "development_mode" "early_hints" "edge_cache_ttl" │ "email_obfuscation" "h2_prioritization" "hotlink_protection" "http2" │ "http3" "image_resizing" "ip_geolocation" "ipv6" "max_upload" │ "min_tls_version" "mirage" "nel" "opportunistic_encryption" │ "opportunistic_onion" "orange_to_orange" "origin_error_page_pass_thru" │ "origin_h2_max_streams" "origin_max_http_version" "polish" │ "prefetch_preload" "privacy_pass" "proxy_read_timeout" "pseudo_ipv4" │ "replace_insecure_js" "response_buffering" "rocket_loader" │ "automatic_platform_optimization" "security_header" "security_level" │ "server_side_exclude" "sha1_support" "sort_query_string_for_cache" "ssl" │ "ssl_recommender" "tls_1_2_only" "tls_1_3" "tls_client_auth" │ "true_client_ip_header" "waf" "webp" "websockets"], got: "visitor_ip" ╵
Steps to reproduce
Import resources from Cloudflare API
terraform plan
Additional factoids
I get valid responses back from the zone settings IP for these and they imported cleanly:
{
"result": {
"id": "visitor_ip",
"value": "on",
"modified_on": null,
"editable": true
},
"success": true,
"errors": [],
"messages": []
}
{
"result": {
"id": "log_to_cloudflare",
"value": "on",
"modified_on": null,
"editable": true
},
"success": true,
"errors": [],
"messages": []
}
{
"result": {
"id": "filter_logs_to_cloudflare",
"value": "off",
"modified_on": null,
"editable": true
},
"success": true,
"errors": [],
"messages": []
}
### References
_No response_
these are not documented settings so they will not be present in the provider. i'll pass this along to the internal teams but there is no ETA available.
@jacobbednarz Regarding this issue — in v4, we were configuring security_header like this:
resource "cloudflare_zone_settings_override" "setting" {
# HSTS
security_header {
enabled = true
max_age = 31536000 # 1 year
include_subdomains = true
}
}
However, it seems that in v5, this can no longer be expressed using cloudflare_zone_setting. Is there a recommended way to handle this in v5, or should we just wait for a future update?
@tjun you can see an example in the test data of configuring HSTS - https://github.com/cloudflare/terraform-provider-cloudflare/blob/main/internal/services/zone_setting/testdata/hsts.tf
@jacobbednarz That example (hsts) does not work for me, this is the error I get:
cloudflare_zone_setting.security_header: Modifying... [id=security_header]
╷
│ Error: Request cancelled
│
│ The plugin6.(*GRPCProvider).UpgradeResourceState request was cancelled.
╵
╷
│ Error: Plugin did not respond
│
│ The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵
Stack trace from the terraform-provider-cloudflare_v5.3.0 plugin:
panic: interface conversion: attr.Value is basetypes.StringValue, not basetypes.ObjectValue
goroutine 65 [running]:
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.func11({0x4a0d938?, 0xc0013386f0?})
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:425 +0x156
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.(*encoder).terraformUnwrappedDynamicEncoder.func24({0x4a0d428?, 0xc0013385d0?}, {0x4a0d938?, 0xc0013386f0?})
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:342 +0xe2
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.(*encoder).terraformUnwrappedDynamicEncoder.encoder.handleNullAndUndefined.func34({0x42074c0?, 0xc0013385d0?, 0x42074c0?}, {0x4116820?, 0xc0013386f0?, 0x4116820?})
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:376 +0x2a6
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.func12({0x4162f00?, 0xc0001edf38?, 0xc0010a2b50?}, {0x4162f00?, 0xc001350048?, 0xc00133d810?})
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:443 +0x384
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.(*encoder).newStructTypeEncoder.func3({0x4120780?, 0xc0001edef0?, 0x4120780?}, {0x4120780?, 0xc001350000?, 0x7f1ea48faad0?})
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:551 +0x1f9
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.(*encoder).marshal(0x40e365?, {0x4120780?, 0xc0001edef0?}, {0x4120780?, 0xc001350000?})
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:101 +0x17e
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.MarshalForPatch({0x4120780, 0xc0001edef0}, {0x4120780, 0xc001350000})
github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:49 +0x65
github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting.ZoneSettingModel.MarshalJSONForUpdate(...)
github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting/model.go:30
github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting.(*ZoneSettingResource).Update(0xc000ec46c0, {0x4a01a78, 0xc001313dd0}, {{{{0x4a97e58, 0xc001323d40}, {0x3928660, 0xc0013235c0}}, {0x4acd430, 0xc000f8fbd0}}, {{{0x4a97e58, ...}, ...}, ...}, ...}, ...)
github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting/resource.go:116 +0x2c5
github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(*Server).UpdateResource(0xc000a48b48, {0x4a01a78, 0xc001313dd0}, 0xc0010a3438, 0xc0010a3410)
github.com/hashicorp/[email protected]/internal/fwserver/server_updateresource.go:122 +0x6ee
github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(*Server).ApplyResourceChange(0xc000a48b48, {0x4a01a78, 0xc001313dd0}, 0xc0013188c0, 0xc0010a35f8)
github.com/hashicorp/[email protected]/internal/fwserver/server_applyresourcechange.go:102 +0x192
github.com/hashicorp/terraform-plugin-framework/internal/proto6server.(*Server).ApplyResourceChange(0xc000a48b48, {0x4a01a78?, 0xc001313ce0?}, 0xc001318820)
github.com/hashicorp/[email protected]/internal/proto6server/server_applyresourcechange.go:55 +0x38e
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0xc0009fec80, {0x4a01a78?, 0xc001313290?}, 0xc0001ea3f0)
github.com/hashicorp/[email protected]/tfprotov6/tf6server/server.go:866 +0x3bc
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x4388300, 0xc0009fec80}, {0x4a01a78, 0xc001313290}, 0xc00131a400, 0x0)
github.com/hashicorp/[email protected]/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:611 +0x1a6
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00003a200, {0x4a01a78, 0xc001313200}, 0xc0001bec00, 0xc000efe630, 0x82a50d8, 0x0)
google.golang.org/[email protected]/server.go:1405 +0x103b
google.golang.org/grpc.(*Server).handleStream(0xc00003a200, {0x4a077f0, 0xc0001b3a00}, 0xc0001bec00)
google.golang.org/[email protected]/server.go:1815 +0xbaa
google.golang.org/grpc.(*Server).serveStreams.func2.1()
google.golang.org/[email protected]/server.go:1035 +0x7f
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 30
google.golang.org/[email protected]/server.go:1046 +0x125
Error: The terraform-provider-cloudflare_v5.3.0 plugin crashed!
This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.
Also, why is "id" required (and the same as "setting_id") when the docs state that it is not?
│ Error: failed to make http request
│
│ with cloudflare_zone_setting.ssl,
│ on cloudflare.tf line 48, in resource "cloudflare_zone_setting" "ssl":
│ 48: resource "cloudflare_zone_setting" "ssl" {
│
│ PATCH "https://api.cloudflare.com/client/v4/zones/************************/settings/ssl": 400 Bad Request {"success":false,"errors":[{"code":1007,"message":"Invalid
│ value for zone setting ssl"}],"messages":[],"result":null}
I had to add the following to
@jacobbednarz That example (hsts) does not work for me, this is the error I get:
cloudflare_zone_setting.security_header: Modifying... [id=security_header] ╷ │ Error: Request cancelled │ │ The plugin6.(*GRPCProvider).UpgradeResourceState request was cancelled. ╵ ╷ │ Error: Plugin did not respond │ │ The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details. ╵ Stack trace from the terraform-provider-cloudflare_v5.3.0 plugin: panic: interface conversion: attr.Value is basetypes.StringValue, not basetypes.ObjectValue goroutine 65 [running]: github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.func11({0x4a0d938?, 0xc0013386f0?}) github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:425 +0x156 github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.(*encoder).terraformUnwrappedDynamicEncoder.func24({0x4a0d428?, 0xc0013385d0?}, {0x4a0d938?, 0xc0013386f0?}) github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:342 +0xe2 github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.(*encoder).terraformUnwrappedDynamicEncoder.encoder.handleNullAndUndefined.func34({0x42074c0?, 0xc0013385d0?, 0x42074c0?}, {0x4116820?, 0xc0013386f0?, 0x4116820?}) github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:376 +0x2a6 github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.encoder.newTerraformTypeEncoder.func12({0x4162f00?, 0xc0001edf38?, 0xc0010a2b50?}, {0x4162f00?, 0xc001350048?, 0xc00133d810?}) github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:443 +0x384 github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.(*encoder).newStructTypeEncoder.func3({0x4120780?, 0xc0001edef0?, 0x4120780?}, {0x4120780?, 0xc001350000?, 0x7f1ea48faad0?}) github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:551 +0x1f9 github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.(*encoder).marshal(0x40e365?, {0x4120780?, 0xc0001edef0?}, {0x4120780?, 0xc001350000?}) github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:101 +0x17e github.com/cloudflare/terraform-provider-cloudflare/internal/apijson.MarshalForPatch({0x4120780, 0xc0001edef0}, {0x4120780, 0xc001350000}) github.com/cloudflare/terraform-provider-cloudflare/internal/apijson/encoder.go:49 +0x65 github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting.ZoneSettingModel.MarshalJSONForUpdate(...) github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting/model.go:30 github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting.(*ZoneSettingResource).Update(0xc000ec46c0, {0x4a01a78, 0xc001313dd0}, {{{{0x4a97e58, 0xc001323d40}, {0x3928660, 0xc0013235c0}}, {0x4acd430, 0xc000f8fbd0}}, {{{0x4a97e58, ...}, ...}, ...}, ...}, ...) github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting/resource.go:116 +0x2c5 github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(*Server).UpdateResource(0xc000a48b48, {0x4a01a78, 0xc001313dd0}, 0xc0010a3438, 0xc0010a3410) github.com/hashicorp/[email protected]/internal/fwserver/server_updateresource.go:122 +0x6ee github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(*Server).ApplyResourceChange(0xc000a48b48, {0x4a01a78, 0xc001313dd0}, 0xc0013188c0, 0xc0010a35f8) github.com/hashicorp/[email protected]/internal/fwserver/server_applyresourcechange.go:102 +0x192 github.com/hashicorp/terraform-plugin-framework/internal/proto6server.(*Server).ApplyResourceChange(0xc000a48b48, {0x4a01a78?, 0xc001313ce0?}, 0xc001318820) github.com/hashicorp/[email protected]/internal/proto6server/server_applyresourcechange.go:55 +0x38e github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0xc0009fec80, {0x4a01a78?, 0xc001313290?}, 0xc0001ea3f0) github.com/hashicorp/[email protected]/tfprotov6/tf6server/server.go:866 +0x3bc github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x4388300, 0xc0009fec80}, {0x4a01a78, 0xc001313290}, 0xc00131a400, 0x0) github.com/hashicorp/[email protected]/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:611 +0x1a6 google.golang.org/grpc.(*Server).processUnaryRPC(0xc00003a200, {0x4a01a78, 0xc001313200}, 0xc0001bec00, 0xc000efe630, 0x82a50d8, 0x0) google.golang.org/[email protected]/server.go:1405 +0x103b google.golang.org/grpc.(*Server).handleStream(0xc00003a200, {0x4a077f0, 0xc0001b3a00}, 0xc0001bec00) google.golang.org/[email protected]/server.go:1815 +0xbaa google.golang.org/grpc.(*Server).serveStreams.func2.1() google.golang.org/[email protected]/server.go:1035 +0x7f created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 30 google.golang.org/[email protected]/server.go:1046 +0x125 Error: The terraform-provider-cloudflare_v5.3.0 plugin crashed! This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue.Also, why is "id" required (and the same as "setting_id") when the docs state that it is not?
│ Error: failed to make http request │ │ with cloudflare_zone_setting.ssl, │ on cloudflare.tf line 48, in resource "cloudflare_zone_setting" "ssl": │ 48: resource "cloudflare_zone_setting" "ssl" { │ │ PATCH "https://api.cloudflare.com/client/v4/zones/************************/settings/ssl": 400 Bad Request {"success":false,"errors":[{"code":1007,"message":"Invalid │ value for zone setting ssl"}],"messages":[],"result":null}
I had the same issues and fixed it by adding the following:
lifecycle {
ignore_changes = [id]
}
This issue hasn't been updated in a while. If it's still reproducing, please comment to let us know. Thank you!
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue hasn't been updated in a while. If it's still reproducing, please comment to let us know. Thank you!