cloudflare_tunnel data source returning inactive tunnel with same name

[davidholsgrove]

Confirmation

• [X] My issue isn't already found on the issue tracker.
• [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.5.7 on linux_amd64

• provider registry.terraform.io/cloudflare/cloudflare v4.20.0
• provider registry.terraform.io/hashicorp/google v5.12.0
• provider registry.terraform.io/hashicorp/random v3.6.0
• provider registry.terraform.io/hashicorp/vault v3.24.0

Affected resource(s)

data cloudflare_tunnel https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/data-sources/tunnel

Terraform configuration files

data "cloudflare_tunnel" "example" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "my-tunnel"
}

Link to debug output

None

Panic output

No response

Expected output

The data lookup should return the active tunnel, not an older inactive and deleted tunnel

Actual output

The API call used by the data resource returns multiple results, and a single one is selected offering no way to further filter (by status etc)

Steps to reproduce

Create and delete a tunnel multiple times with the same name, then review the tunnel ID returned in a data resource

Additional factoids

No response

References

No response

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions[bot]]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[jacobbednarz]

moving to an enhancement as this is working as expected (the general listing API doesn't separate on status). adding filters to the data source is an improvement now that they exist.

[PavelPikat]

I would argue that this is a serious bug and not an enhancement. I have a tunnel in the account and the cloudflare_tunnel data source returns me wrong ID, not the one that I can see in the Web UI. The ID that the Terraform gives me cannot be found anywhere. This is critical to us, as we are unable to hook up our automation when tunnel IDs returned by the provider don't actually exist. It's impossible to create any kind of DNS records with invalid tunnel IDs. Can this be prioritized please @jacobbednarz

[jacobbednarz]

This issue has been closed as we are now tracking this internally with service teams directly. If you would like an update or to be notified when/if the product ships with this change, please reach out to Cloudflare Support or your account team who can watch the internal feature request for you.

[github-actions[bot]]

This functionality has been released in v4.29.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!