terraform-provider-cloudflare icon indicating copy to clipboard operation
terraform-provider-cloudflare copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Internal error when deleting zone with universal_ssl = "off"

Open brandonstrohmeyer opened this issue 2 years ago • 5 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.2.6 on darwin_amd64

  • provider registry.terraform.io/cloudflare/cloudflare v3.20.0

Affected resource(s)

cloudflare_zone_settings_override

Terraform configuration files

resource "cloudflare_zone" "this" {
  zone   = "ussl-debug.example.com"
  plan   = "enterprise"
  type   = "partial"
}

resource "cloudflare_zone_settings_override" "this" {
  zone_id = cloudflare_zone.this.id
  settings {
    universal_ssl = "off"
  }
}

Debug output

module.cloudflare_example.cloudflare_zone_settings_override.this: Destroying... [id=7b9f02ebe8222509c8b83eee46645146]
2022-08-02T10:07:09.443-0400 [INFO]  Starting apply for module.cloudflare_example.cloudflare_zone_settings_override.this
2022-08-02T10:07:09.443-0400 [DEBUG] module.cloudflare_example.cloudflare_zone_settings_override.this: applying the planned Delete change
2022-08-02T10:07:09.448-0400 [DEBUG] provider.terraform-provider-cloudflare_v3.20.0: Reverting Cloudflare Zone Settings to initial settings with update configuration: []cloudflare.ZoneSetting{cloudflare.ZoneSetting{ID:"universal_ssl", Editable:false, ModifiedOn:"", Value:"on", TimeRemaining:0}}: @caller=github.com/cloudflare/terraform-provider-cloudflare/internal/provider/resource_cloudflare_zone_settings_override.go:376 tf_req_id=0629bb05-1714-5915-39a2-b6866f633a1c @module=cloudflare tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zone_settings_override tf_rpc=ApplyResourceChange timestamp=2022-08-02T10:07:09.448-0400
2022-08-02T10:07:09.448-0400 [DEBUG] provider.terraform-provider-cloudflare_v3.20.0: Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
PATCH /client/v4/zones/7b9f02ebe8222509c8b83eee46645146/ssl/universal/settings HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.1.9 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/dev
Content-Length: 16
Content-Type: application/json
Accept-Encoding: gzip

{
 "enabled": true
}
-----------------------------------------------------: timestamp=2022-08-02T10:07:09.448-0400
2022-08-02T10:07:09.675-0400 [DEBUG] provider.terraform-provider-cloudflare_v3.20.0: Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cf-Cache-Status: DYNAMIC
Cf-Ray: 734760d46e13b136-ATL
Content-Type: application/json
Date: Tue, 02 Aug 2022 14:07:09 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Sun, 25 Jan 1981 05:00:00 GMT
Pragma: no-cache
Server: cloudflare
Set-Cookie: __cflb=0H28vgHxwvgAQtjUGU4vq74ZFe3sNVUZTpUUCuZEnUD; SameSite=Lax; path=/; expires=Tue, 02-Aug-22 16:37:10 GMT; HttpOnly
Set-Cookie: __cfruid=ff50a93b01aebbd491221891184bb8ca084dd825-1659449229; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

{
 "success": false,
 "errors": [
  {
   "code": 1005,
   "message": "Internal error encountered while processing change"
  }
 ],
 "messages": [],
 "result": null
}
-----------------------------------------------------: timestamp=2022-08-02T10:07:09.675-0400
2022-08-02T10:07:09.677-0400 [ERROR] provider.terraform-provider-cloudflare_v3.20.0: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:56 diagnostic_detail= diagnostic_severity=ERROR tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=ApplyResourceChange @module=sdk.proto diagnostic_summary="Internal error encountered while processing change (1005)" tf_req_id=0629bb05-1714-5915-39a2-b6866f633a1c tf_resource_type=cloudflare_zone_settings_override timestamp=2022-08-02T10:07:09.676-0400
2022-08-02T10:07:09.704-0400 [ERROR] vertex "module.cloudflare_example.cloudflare_zone_settings_override.this (destroy)" error: Internal error encountered while processing change (1005)

Panic output

No response

Expected output

Expected zone to delete

Actual output

Zone failed to delete with "Error: Internal error encountered while processing change (1005)"

Steps to reproduce

  1. Apply example Terraform above
  2. Destroy example Terraform above

Additional factoids

Based on debug output, the provider seems to try and enable Universal SSL prior to deleting the zone which results in an error from the API.

References

No response

brandonstrohmeyer avatar Aug 02 '22 17:08 brandonstrohmeyer

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

github-actions[bot] avatar Aug 02 '22 17:08 github-actions[bot]

Provider setup information has been pulled out of the debug file, but all other relevant debug info has been posted. If something specific is missing please let me know.

brandonstrohmeyer avatar Aug 02 '22 17:08 brandonstrohmeyer

as requested, please post the untruncated version of the debug output minus the sensitive credentials. this doesn't contain all the context required for debugging.

jacobbednarz avatar Aug 02 '22 22:08 jacobbednarz

Attaching the full debug output as a gist:

https://gist.github.com/brandonstrohmeyer/b9f4910e9ace9b249e6ec4af83f40630

brandonstrohmeyer avatar Aug 03 '22 01:08 brandonstrohmeyer

are you getting this if you apply it in two stages (zone first, wait, settings)? i'm wondering if this is a race condition between the zone creation and attempting to issue certificates for it.

jacobbednarz avatar Aug 08 '22 01:08 jacobbednarz

closing due to lack of feedback. if you're still getting this, please feel free to open a new issue and we can troubleshoot from there.

jacobbednarz avatar Nov 28 '22 22:11 jacobbednarz