terraform-provider-cloudflare

Error: error creating zone "test-abc.dev.test.com": Partial zone signup not allowed (1104)

Open istvanfedak opened this issue 2 years ago • 5 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.1.7 on darwin_amd64

cloudflare = {
  source  = "cloudflare/cloudflare"
  version = "= 3.16.0"
}

Affected resource(s)

  • cloudflare_zone

Terraform configuration files

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "= 3.16.0"
    }
  }
}

variable "cloudflare_api_token" {
  description = "The API token for account"
  type        = string
  sensitive   = true
}

provider "cloudflare" {
  alias     = "sandbox"
  api_token = var.cloudflare_api_token
}

resource "cloudflare_zone" "example" {
  zone = "example.com"
  type = "partial"
  plan = "enterprise"
}

Debug output

module.waf-terraform-core.module.cloudflare.module.zone["test-abc.dev.test.com"].cloudflare_zone.this: Creating...
╷
│ Error: error creating zone "test-abc.dev.test.com": Partial zone signup not allowed (1104)
│
│   with module.waf-terraform-core.module.cloudflare.module.zone["test-abc.dev.test.com"].cloudflare_zone.this,
│   on .terraform/modules/waf-terraform-core/modules/cloudflare/modules/zone/main.tf line 1, in resource "cloudflare_zone" "this":
│    1: resource "cloudflare_zone" "this" {
│
╵

Panic output

No response

Expected output

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Actual output

module.waf-terraform-core.module.cloudflare.module.zone["test-abc.dev.test.com"].cloudflare_zone.this: Creating...
╷
│ Error: error creating zone "test-abc.dev.test.com": Partial zone signup not allowed (1104)
│
│   with module.waf-terraform-core.module.cloudflare.module.zone["test-abc.dev.test.com"].cloudflare_zone.this,
│   on .terraform/modules/waf-terraform-core/modules/cloudflare/modules/zone/main.tf line 1, in resource "cloudflare_zone" "this":
│    1: resource "cloudflare_zone" "this" {
│
╵

Steps to reproduce

  1. terraform init
  2. terraform plan
  3. terraform apply

Additional factoids

No response

References

No response

istvanfedak • Aug 01 '22 21:08

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

github-actions[bot] • Aug 01 '22 21:08
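
One way to strip the three credential headers named in the comment above before attaching a debug log, as an added example that is not part of the original thread or the provider's tooling. The sample log is constructed and real TF_LOG=DEBUG output may lay out requests differently; `redact_tf_log`, `has_credentials` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Typical use (Terraform writes its log to stderr):
#   TF_LOG=DEBUG terraform apply 2>&1 | redact_tf_log > debug-redacted.log

# Replace the values of Authorization, X-Auth-Key and X-Auth-Email with a
# marker. The "Bearer" scheme word is kept so the auth method stays visible.
# Header names are matched in either case, anywhere on a line, because log
# lines may carry a timestamp or logger prefix before the header.
redact_tf_log() {
  sed -E \
    -e 's/([Aa]uthorization:[[:space:]]*)([Bb]earer[[:space:]]+)?[^[:space:]"]+/\1\2[REDACTED]/g' \
    -e 's/([Xx]-[Aa]uth-([Kk]ey|[Ee]mail):[[:space:]]*)[^[:space:]"]+/\1[REDACTED]/g'
}

# Guard to run before sharing: exits 0 if any credential header line on
# stdin does not carry the redaction marker, 1 if the log looks clean.
has_credentials() {
  grep -Ei '(authorization|x-auth-(key|email)):' | grep -Fqv '[REDACTED]'
}

# Constructed sample of an HTTP request dump; token, key and e-mail are made up.
sample_log() {
  cat <<'EOF'
POST /client/v4/zones HTTP/1.1
Host: api.cloudflare.com
Authorization: Bearer EXAMPLE-TOKEN-0000
X-Auth-Email: user@example.com
X-Auth-Key: 0123456789abcdef
Content-Type: application/json

{"name":"example.com","type":"partial"}
EOF
}

# Demonstration: print the redacted sample, then confirm nothing leaked.
sample_log | redact_tf_log
if sample_log | redact_tf_log | has_credentials; then
  echo "credentials still present" >&2
else
  echo "log is safe to attach" >&2
fi
```
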

I validated that the token had enough permissions to create the zone using the API:

  • POST {{base_url}}/client/v4/zones
  • PATCH {{base_url}}/client/v4/zones/{{zone_id}}

Cloudflare support ticket number: https://support.cloudflare.com/hc/requests/2517132

istvanfedak • Aug 01 '22 21:08

This is an entitlement restriction and not something controlled in the provider. I'd recommend getting in touch with your account team to check the entitlement or make sure you are providing the correct account details for the zone creation.

jacobbednarz • Aug 01 '22 23:08

It's strange that I can use the token to create resources via the API but when I use it in the Terraform provider it fails.

istvanfedak • Aug 03 '22 20:08

You can compare the HTTP requests made by the provider to work out what differences are present. Past experience would suggest missing the correct account ID on the request where the entitlement is assigned.

jacobbednarz • Aug 03 '22 23:08