cloudflare-docs icon indicating copy to clipboard operation
cloudflare-docs copied to clipboard
verified publisher icon cloudflare

Inconsistency in Zero Trust permission naming

Open tomasbedrich opened this issue 1 year ago • 2 comments

Existing documentation URL(s)

https://developers.cloudflare.com/fundamentals/api/reference/permissions/

What changes are you suggesting?

There is a permission called "Zero Trust Write", which is available in the UI to assign to the API token. All good so far. ✅

However, when I try to assign this permission to the API token using Terraform (-> using API under the hood), it fails due to "Zero Trust Write" missing in the list of available permissions. I am using the suggested pattern. 😳

I traced it down using List Token Permission Groups endpoint, where the mentioned "Zero Trust Write" permission is not present at all. This is a clear inconsistency between docs and API. Likely there are more of the "Zero Trust ***" permissions which are incorrect.

Using reverse-engineering – i.e. by setting the permissions using UI, refreshing the Terraform resource and reading the Terraform state - I discovered the "Zero Trust Edit" (UI) permission corresponds to the "Teams Write" (API) permission.

I can see two possible resolutions:

  1. Unify permissions used in UI and API. (preferably)
  2. Provide a translation table in the docs.

Additional information

No response

tomasbedrich avatar Oct 06 '24 21:10 tomasbedrich

Hey @tomasbedrich thanks for flagging. I've opened an internal ticket (PCX-14250) to track this issue. We're investigating what it would take to update the permission names used by the API/Terraform, as they're not something the dev docs team can update directly.

ranbel avatar Oct 17 '24 22:10 ranbel

We've fixed the "Teams Read/Write" permission in the API/Terraform. It's now called "Zero Trust Read/Write" to match the UI.

ranbel avatar Mar 06 '25 19:03 ranbel