terraform-provider-cloudflare

cloudflare_zero_trust_device_custom_profile_local_domain_fallback not allowing null entries

Open pcanham opened this issue 5 months ago • 1 comments

Confirmation

  • [x] This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
  • [x] I have searched the issue tracker and my issue isn't already found.
  • [x] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

OpenTofu v1.9.1 on darwin_arm64

  • provider registry.opentofu.org/cloudflare/cloudflare v5.4.0
  • provider registry.opentofu.org/hashicorp/http v3.5.0
  • provider registry.opentofu.org/hashicorp/local v2.5.2
  • provider registry.opentofu.org/hashicorp/null v3.2.4
  • provider registry.opentofu.org/hashicorp/tls v4.1.0

Affected resource(s)

cloudflare_zero_trust_device_custom_profile_local_domain_fallback

Terraform configuration files

variable "cloudflare_warp_tenant_name" {
  type        = string
  description = "Tenant Name for Zero Trust"
}

resource "cloudflare_zero_trust_device_custom_profile" "example" {
  account_id            = var.cloudflare_account_id
  name                  = "example"
  description           = "Example WARP settings managed via Terraform"
  precedence            = 3
  match                 = format("any(identity.groups.name[*] in {\"All Company\"}) or identity.email == \"non_identity@%s.cloudflareaccess.com\"", var.cloudflare_warp_tenant_name)
  enabled               = true
  allow_mode_switch     = true
  allow_updates         = true
  allowed_to_leave      = true
  auto_connect          = 0
  disable_auto_fallback = true
  switch_locked         = false
  service_mode_v2 = {
    mode = "warp"
  }
  exclude_office_ips = true
  tunnel_protocol    = "masque"
  exclude = [{
    address     = "10.0.0.1/32"
    description = "dummy exclude"
  }]
}

resource "cloudflare_zero_trust_device_custom_profile_local_domain_fallback" "example" {
  account_id = var.cloudflare_account_id
  policy_id  = cloudflare_zero_trust_device_custom_profile.example.id
  domains = [{
    suffix      = "localdomain"
    description = null
    dns_server  = [null]
  }]
  depends_on = [cloudflare_zero_trust_device_custom_profile.example]
}

Link to debug output

https://gist.github.com/pcanham/10236f1a92fc97386acb0ed45439100d

Panic output

No response

Expected output

Expected behaviour is to allow null-valued entries in the domain fallback; this is the default behavior in v4 and also within the console.

See below the default list, which also shows null in the console.

Image

Actual output

cloudflare_zero_trust_device_custom_profile.tavern: Creating...
cloudflare_zero_trust_device_custom_profile.tavern: Creation complete after 1s [id=5d4c9b30-d29f-48c9-b659-c00ee63165fa]
cloudflare_zero_trust_device_custom_profile_local_domain_fallback.tavern: Creating...
╷
│ Warning: Resource Destruction Considerations
│
│ with cloudflare_zero_trust_device_custom_profile_local_domain_fallback.tavern,
│ on warp_device_profile_tavern.tofu line 25, in resource "cloudflare_zero_trust_device_custom_profile_local_domain_fallback" "tavern":
│ 25: resource "cloudflare_zero_trust_device_custom_profile_local_domain_fallback" "tavern" {
│
│ This resource cannot be destroyed from Terraform. If you create this resource, it will be present in the API until manually deleted.
╵
╷
│ Error: failed to make http request
│
│ with cloudflare_zero_trust_device_custom_profile_local_domain_fallback.tavern,
│ on warp_device_profile_tavern.tofu line 25, in resource "cloudflare_zero_trust_device_custom_profile_local_domain_fallback" "tavern":
│ 25: resource "cloudflare_zero_trust_device_custom_profile_local_domain_fallback" "tavern" {
│
│ PUT "https://api.cloudflare.com/client/v4/accounts/2eb4fe8ea198cb18bedec3bb3e2c9ea2/devices/policy/5d4c9b30-d29f-48c9-b659-c00ee63165fa/fallback_domains": 400 Bad Request {"result":null,"success":false,"errors":[{"code":2048,"message":"cannot update fallback domains: invalid ip"}],"messages":[]}
│

Steps to reproduce

  1. Create a custom profile
  2. Link a domain fallback entry with no IP next to the domain

Additional factoids

No response

References

No response

pcanham, May 12 '25 12:05