terraform-provider-cloudflare
terraform-provider-cloudflare copied to clipboard
Published
20 hours ago •
cloudflare
cloudflare
cloudflare_zone_settings_override Error: Plugin did not respond
Confirmation
- [X] My issue isn't already found on the issue tracker.
- [X] I have replicated my issue using the latest version of the provider and it is still present.
Terraform and Cloudflare provider version
Terraform v1.1.7 on darwin_amd64
Affected resource(s)
cloudflare_zone_settings_override
Terraform configuration files
locals {
settings = {
always_online = "off"
always_use_https = "on"
automatic_https_rewrites = "off"
binary_ast = "off"
brotli = "off"
browser_check = "on"
development_mode = "off"
early_hints = "off"
email_obfuscation = "on"
filter_logs_to_cloudflare = "off"
hotlink_protection = "off"
http2 = "on"
http3 = "off"
ip_geolocation = "on"
ipv6 = "on"
log_to_cloudflare = "on"
mirage = "off"
opportunistic_encryption = "off"
opportunistic_onion = "on"
orange_to_orange = "off"
origin_error_page_pass_thru = "off"
prefetch_preload = "off"
privacy_pass = "on"
response_buffering = "off"
rocket_loader = "off"
server_side_exclude = "on"
sort_query_string_for_cache = "off"
tls_client_auth = "off"
true_client_ip_header = "off"
universal_ssl = "off"
visitor_ip = "on"
waf = "on"
webp = null
websockets = "on"
zero_rtt = "off"
### String Values
cache_level = "aggressive"
cname_flattening = "flatten_at_root"
h2_prioritization = "off"
image_resizing = "off"
min_tls_version = "1.2"
polish = "off"
proxy_read_timeout = "100"
pseudo_ipv4 = "off"
security_level = "medium"
ssl = "full"
tls_1_3 = "on"
### Integer Values
browser_cache_ttl = 14400
challenge_ttl = 1800
max_upload = 100
### List Objects
ciphers = []
### Nested Objects
minify = {
css = "off"
html = "off"
js = "off"
}
# mobile_redirect {
# mobile_subdomain = "required string value"
# status = "off"
# strip_uri = false
# }
security_header = {
enabled = false
include_subdomains = false
max_age = 0
nosniff = false
preload = false
}
}
}
resource "cloudflare_zone_settings_override" "mobile_redirect" {
count = local.contains_mobile_redirect ? 1: 0
zone_id = var.zone_id
settings {
### Nested Objects
mobile_redirect {
# Note when mobile redirect is set all the settings are required
mobile_subdomain = var.settings.mobile_redirect.mobile_subdomain
status = var.settings.mobile_redirect.status
strip_uri = var.settings.mobile_redirect.strip_uri
}
}
}
resource "cloudflare_zone_settings_override" "enforced_settings" {
depends_on = [cloudflare_zone_settings_override.mobile_redirect]
count = var.enforce_configuration? 1 : 0
zone_id = var.zone_id
settings {
### On/Off Values
always_online = local.settings.always_online
always_use_https = local.settings.always_use_https
automatic_https_rewrites = local.settings.automatic_https_rewrites
binary_ast = local.settings.binary_ast
brotli = local.settings.brotli
browser_check = local.settings.browser_check
development_mode = local.settings.development_mode
early_hints = local.settings.early_hints
email_obfuscation = local.settings.email_obfuscation
filter_logs_to_cloudflare = local.settings.filter_logs_to_cloudflare
hotlink_protection = local.settings.hotlink_protection
http2 = local.settings.http2
http3 = local.settings.http3
ip_geolocation = local.settings.ip_geolocation
ipv6 = local.settings.ipv6
log_to_cloudflare = local.settings.log_to_cloudflare
mirage = local.settings.mirage
# opportunistic_encryption (default value depends on the zone's plan level)
opportunistic_onion = local.settings.opportunistic_onion
orange_to_orange = local.settings.orange_to_orange
origin_error_page_pass_thru = local.settings.origin_error_page_pass_thru
prefetch_preload = local.settings.prefetch_preload
privacy_pass = local.settings.privacy_pass
response_buffering = local.settings.response_buffering
rocket_loader = local.settings.rocket_loader
server_side_exclude = local.settings.server_side_exclude
sort_query_string_for_cache = local.settings.sort_query_string_for_cache
tls_client_auth = local.settings.tls_client_auth
true_client_ip_header = local.settings.true_client_ip_header
universal_ssl = local.settings.universal_ssl
visitor_ip = local.settings.visitor_ip
waf = local.settings.waf
webp = local.settings.webp
websockets = local.settings.websockets
zero_rtt = local.settings.zero_rtt
### String Values
cache_level = local.settings.cache_level
cname_flattening = local.settings.cname_flattening
h2_prioritization = local.settings.h2_prioritization
image_resizing = local.settings.image_resizing
min_tls_version = local.settings.min_tls_version
polish = local.settings.polish
proxy_read_timeout = local.settings.proxy_read_timeout
pseudo_ipv4 = local.settings.pseudo_ipv4
security_level = local.settings.security_level
ssl = local.settings.ssl
tls_1_3 = local.settings.tls_1_3
### Integer Values
browser_cache_ttl = local.settings.browser_cache_ttl
challenge_ttl = local.settings.challenge_ttl
max_upload = local.settings.max_upload
### List Objects
ciphers = local.settings.ciphers
### Nested Objects
minify {
css = local.settings.minify.css
html = local.settings.minify.html
js = local.settings.minify.js
}
security_header {
enabled = local.settings.security_header.enabled
include_subdomains = local.settings.security_header.include_subdomains
max_age = local.settings.security_header.max_age
nosniff = local.settings.security_header.nosniff
preload = local.settings.security_header.preload
}
}
}
Debug output
Please see log file below
Steps to reproduce
- terraform init
- terraform apply -auto-approve
Additional factoids
The zone is active and the zone type is partial
References
No response
The log file was too large for the comment section. Here's the full log file:
@istvanfedak are you still able to replicate this without using your module? i tried with a basic example and i'm not able to see it break.
additionally, you should only include the resources you are overriding, not all of them as you are likely to get some plan dependant issues - https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zone_settings_override#plan-dependent-settings
closing as unresolved but do feel free to raise a new issue if you are still having issues on the latest version and have a minimal reproduction case we can work with.