cloudflare_access_application not idempotent with http_only_cookie_attribute attribute to false

[DamienDelporte]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

$ terraform -v
Terraform v0.14.11
+ provider registry.terraform.io/cloudflare/cloudflare v3.11.0

Affected resource(s)

• cloudflare_access_application

Terraform configuration files

resource "cloudflare_access_application" "test" {
  account_id                = var.account_id
  name                      = "test.doctolib.com"
  domain                    = "test.doctolib.com"
  session_duration          = "3h"
  auto_redirect_to_identity = true
  same_site_cookie_attribute = "none"
  http_only_cookie_attribute = false
  enable_binding_cookie = false

  cors_headers {
    allowed_origins   = ["test.doctolib.com"]
    allow_credentials = false
    allow_all_methods = true
    max_age           = 30
  }
}

Debug output

Not needed.

Panic output

None.

Expected output

Nothing to be changed after creation.

Actual output

  # cloudflare_access_application.test will be updated in-place
  ~ resource "cloudflare_access_application" "test" {
      ~ http_only_cookie_attribute = true -> false
        id                         = "xxx"
        name                       = "test.doctolib.com"
        # (11 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Steps to reproduce

1. terraform apply (to create ressource)
2. terraform apply (to see the problem, and try to apply again (why not))
3. terraform apply (problem still here)

Additional factoids

No response

References

No response

[github-actions]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[chaoqi]

Hi @DamienDelporte, I also have the exact same problems. The HttpOnly is by default "Enabled" and i can NOT set this to be disabled by setting http_only_cookie_attribute = false using Terraform.

[DamienDelporte]

Thank you so much !

[DamienDelporte]

Hello @jacobbednarz would you be able to give us an approximate release date for the fixed terraform provider ? 🙏