Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cloudflare_authenticated_origin_pulls per zone certificates setting for enabled cannot be changed #1832

Closed
2 tasks done
troymjones opened this issue Aug 12, 2022 · 3 comments · Fixed by #1861
Closed
2 tasks done

cloudflare_authenticated_origin_pulls per zone certificates setting for enabled cannot be changed #1832

troymjones opened this issue Aug 12, 2022 · 3 comments · Fixed by #1861
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/needs-information Indicates an issue needs more information in order to work on it.
Milestone
v3.23.0

Comments

@troymjones
Copy link
Contributor

troymjones commented Aug 12, 2022
edited

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v0.14.3

  • provider registry.terraform.io/cloudflare/cloudflare v3.20.0

Your version of Terraform is out of date! The latest version
is 1.2.7. You can update by downloading from https://www.terraform.io/downloads.html

Affected resource(s)

cloudflare_authenticated_origin_pulls
cloudflare_authenticated_origin_pulls_certificate

Terraform configuration files

resource "cloudflare_authenticated_origin_pulls_certificate" "cf_test_apis_qa_indeed_net_client_certificate" {
    zone_id = cloudflare_zone.cf_test_apis_qa_indeed_net.id
    certificate = var.cloudflare_offload_client_certificate
    private_key = var.cloudflare_offload_client_certificate_private_key
    type        = "per-zone"
}

resource "cloudflare_authenticated_origin_pulls" "cf_test_apis_qa_indeed_net" {
    zone_id = cloudflare_zone.cf_test_apis_qa_indeed_net.id
    authenticated_origin_pulls_certificate = cloudflare_authenticated_origin_pulls_certificate.cf_test_apis_qa_indeed_net_client_certificate.id
    enabled = false
}

Debug output

�Terraform v0.14.3
Initializing plugins and modules...
2022/08/12 19:50:32 [WARN] Log levels other than TRACE are currently unreliable, and are supported only for backward compatibility.
  Use TF_LOG=TRACE to see Terraform's internal logs.
  ----
2022/08/12 19:50:32 [INFO] Terraform version: 0.14.3  
2022/08/12 19:50:32 [INFO] Go runtime version: go1.15.2
2022/08/12 19:50:32 [INFO] CLI args: []string{"/usr/local/bin/terraform", "apply", "-lock=false", "-parallelism=10", "/terraform/terraform.tfplan"}
2022/08/12 19:50:32 [DEBUG] Attempting to open CLI config file: /tmp/cli.tfrc
2022/08/12 19:50:32 Loading CLI configuration from /tmp/cli.tfrc
2022/08/12 19:50:32 [DEBUG] Not reading CLI config directory because config location is overridden by environment variable
2022/08/12 19:50:32 [DEBUG] Using modified User-Agent: HashiCorp Terraform/0.14.3 (+https://www.terraform.io) TFE/v202206-1
2022/08/12 19:50:32 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2022/08/12 19:50:32 [DEBUG] ignoring non-existing provider search directory /root/.terraform.d/plugins
2022/08/12 19:50:32 [DEBUG] ignoring non-existing provider search directory /root/.local/share/terraform/plugins
2022/08/12 19:50:32 [DEBUG] will search for provider plugins in /usr/local/share/terraform/plugins
2022/08/12 19:50:32 [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2022/08/12 19:50:32 [INFO] CLI command args: []string{"apply", "-lock=false", "-parallelism=10", "/terraform/terraform.tfplan"}
2022/08/12 19:50:32 [DEBUG] Service discovery for terraform.indeed.tech at https://terraform.indeed.tech/.well-known/terraform.json
2022/08/12 19:50:32 [DEBUG] checking for provisioner in "."
2022/08/12 19:50:32 [DEBUG] checking for provisioner in "/usr/local/bin"
2022/08/12 19:50:32 [INFO] Failed to read plugin lock file .terraform/plugins/linux_amd64/lock.json: open .terraform/plugins/linux_amd64/lock.json: no such file or directory
2022/08/12 19:50:32 [DEBUG] Using modified User-Agent: Terraform/0.14.3 TFE/v202206-1
2022/08/12 19:50:32 [WARN] Log levels other than TRACE are currently unreliable, and are supported only for backward compatibility.
  Use TF_LOG=TRACE to see Terraform's internal logs.
  ----
2022/08/12 19:50:32 [DEBUG] Using modified User-Agent: HashiCorp Terraform/0.14.3 (+https://www.terraform.io) TFE/v202206-1
2022/08/12 19:50:32 [INFO] backend/local: starting Apply operation
2022-08-12T19:50:32.620Z [INFO]  plugin: configuring client automatic mTLS
2022-08-12T19:50:32.650Z [DEBUG] plugin: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0]
2022-08-12T19:50:32.650Z [DEBUG] plugin: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0 pid=157
2022-08-12T19:50:32.650Z [DEBUG] plugin: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0
2022-08-12T19:50:32.656Z [INFO]  plugin.terraform-provider-cloudflare_v3.21.0: configuring server automatic mTLS: timestamp=2022-08-12T19:50:32.656Z
2022-08-12T19:50:32.681Z [DEBUG] plugin.terraform-provider-cloudflare_v3.21.0: plugin address: address=/tmp/plugin1072776744 network=unix timestamp=2022-08-12T19:50:32.681Z
2022-08-12T19:50:32.681Z [DEBUG] plugin: using plugin: version=5
2022-08-12T19:50:32.732Z [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-08-12T19:50:32.734Z [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0 pid=157
2022-08-12T19:50:32.734Z [DEBUG] plugin: plugin exited
2022/08/12 19:50:32 [INFO] backend/local: apply calling Apply
2022/08/12 19:50:32 [INFO] terraform: building graph: GraphTypeApply
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_zone.apis_qa_indeed_tech (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_filter.filter_cf_test_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_filter.filter_cf_test_apis_qa_indeed_net_privileged_ip_check (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_record.apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_firewall_rule.cf_test_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_worker_route.cf_test_apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_record.apis_qa_indeed_tech (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_firewall_rule.apis_qa_indeed_tech_allow_flex_ips_for_datadrop (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_record.cf_test_apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_authenticated_origin_pulls_certificate.cf_test_apis_qa_indeed_net_client_certificate (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_filter.filter_apis_qa_indeed_tech_allow_flex_ips_for_datadrop (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_filter.filter_apis_qa_indeed_tech_privileged_ip_check (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_authenticated_origin_pulls.apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_list.indeed_flex_aws_ips (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_firewall_rule.apis_qa_indeed_tech_privileged_ip_check (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_filter.filter_apis_qa_indeed_net_privileged_ip_check (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_worker_script.indeed_api_gateway_qa_worker_script (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_authenticated_origin_pulls_certificate.apis_qa_indeed_tech_client_certificate (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_list.indeed_internal_ips (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_filter.filter_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_firewall_rule.apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_zone.cf_test_apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_authenticated_origin_pulls.apis_qa_indeed_tech (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_worker_route.apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_firewall_rule.apis_qa_indeed_net_privileged_ip_check (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_zone_settings_override.apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_authenticated_origin_pulls_certificate.apis_qa_indeed_net_client_certificate (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_zone.apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_firewall_rule.cf_test_apis_qa_indeed_net_privileged_ip_check (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_zone_settings_override.cf_test_apis_qa_indeed_net (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_worker_route.apis_qa_indeed_tech (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ProviderTransformer: "cloudflare_zone_settings_override.apis_qa_indeed_tech (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "var.cloudflare_offload_client_certificate_private_key" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_firewall_rule.apis_qa_indeed_tech_privileged_ip_check (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_authenticated_origin_pulls_certificate.cf_test_apis_qa_indeed_net_client_certificate (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_zone.apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_filter.filter_apis_qa_indeed_net_privileged_ip_check (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_record.apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_worker_script.indeed_api_gateway_qa_worker_script (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "var.cloudflare_email" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_firewall_rule.apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_firewall_rule.cf_test_apis_qa_indeed_net_privileged_ip_check (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_firewall_rule.apis_qa_indeed_net_privileged_ip_check (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_zone_settings_override.cf_test_apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_zone.cf_test_apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_worker_route.cf_test_apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_authenticated_origin_pulls_certificate.apis_qa_indeed_tech_client_certificate (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_firewall_rule.cf_test_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_filter.filter_apis_qa_indeed_tech_allow_flex_ips_for_datadrop (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_worker_route.apis_qa_indeed_tech (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_zone_settings_override.apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_zone_settings_override.apis_qa_indeed_tech (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_authenticated_origin_pulls.apis_qa_indeed_tech (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_worker_route.apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net" references: [cloudflare_zone.cf_test_apis_qa_indeed_net (expand) cloudflare_authenticated_origin_pulls_certificate.cf_test_apis_qa_indeed_net_client_certificate (expand)]
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: [var.cloudflare_account_id var.cloudflare_email var.cloudflare_api_key]
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_filter.filter_cf_test_apis_qa_indeed_net_privileged_ip_check (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_list.indeed_internal_ips (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_filter.filter_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_zone.apis_qa_indeed_tech (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "var.cloudflare_offload_client_certificate" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_filter.filter_apis_qa_indeed_tech_privileged_ip_check (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_record.apis_qa_indeed_tech (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_authenticated_origin_pulls.apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "var.cloudflare_api_key" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "var.cloudflare_account_id" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_firewall_rule.apis_qa_indeed_tech_allow_flex_ips_for_datadrop (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_filter.filter_cf_test_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_list.indeed_flex_aws_ips (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_record.cf_test_apis_qa_indeed_net (expand)" references: []
2022/08/12 19:50:32 [DEBUG] ReferenceTransformer: "cloudflare_authenticated_origin_pulls_certificate.apis_qa_indeed_net_client_certificate (expand)" references: []
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_firewall_rule.apis_qa_indeed_tech_privileged_ip_check (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_zone.apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_filter.filter_apis_qa_indeed_net_privileged_ip_check (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_record.apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_firewall_rule.apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_firewall_rule.cf_test_apis_qa_indeed_net_privileged_ip_check (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_firewall_rule.apis_qa_indeed_net_privileged_ip_check (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_zone_settings_override.cf_test_apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_worker_script.indeed_api_gateway_qa_worker_script (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_authenticated_origin_pulls_certificate.apis_qa_indeed_tech_client_certificate (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_firewall_rule.cf_test_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_filter.filter_apis_qa_indeed_tech_allow_flex_ips_for_datadrop (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_worker_route.apis_qa_indeed_tech (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_zone_settings_override.apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_worker_route.cf_test_apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_zone_settings_override.apis_qa_indeed_tech (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_authenticated_origin_pulls.apis_qa_indeed_tech (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_worker_route.apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_authenticated_origin_pulls_certificate.apis_qa_indeed_net_client_certificate (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_record.cf_test_apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_list.indeed_flex_aws_ips (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_filter.filter_cf_test_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_firewall_rule.apis_qa_indeed_tech_allow_flex_ips_for_datadrop (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_authenticated_origin_pulls.apis_qa_indeed_net (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_record.apis_qa_indeed_tech (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_filter.filter_apis_qa_indeed_tech_privileged_ip_check (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_filter.filter_cf_test_apis_qa_indeed_net_privileged_ip_check (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_list.indeed_internal_ips (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_filter.filter_apis_qa_indeed_net_allow_flex_ips_for_datadrop (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] pruneUnusedNodes: cloudflare_zone.apis_qa_indeed_tech (expand) is no longer needed, removing
2022/08/12 19:50:32 [DEBUG] Starting graph walk: walkApply
2022-08-12T19:50:32.741Z [INFO]  plugin: configuring client automatic mTLS
2022-08-12T19:50:32.787Z [DEBUG] plugin: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0]
2022-08-12T19:50:32.787Z [DEBUG] plugin: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0 pid=174
2022-08-12T19:50:32.787Z [DEBUG] plugin: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0
2022-08-12T19:50:32.794Z [INFO]  plugin.terraform-provider-cloudflare_v3.21.0: configuring server automatic mTLS: timestamp=2022-08-12T19:50:32.794Z
2022-08-12T19:50:32.822Z [DEBUG] plugin.terraform-provider-cloudflare_v3.21.0: plugin address: network=unix address=/tmp/plugin3491248121 timestamp=2022-08-12T19:50:32.821Z
2022-08-12T19:50:32.822Z [DEBUG] plugin: using plugin: version=5
2022-08-12T19:50:32.878Z [INFO]  plugin.terraform-provider-cloudflare_v3.21.0: using specified account id 07918e4a6ae1830390405d10beb5ae0e in Cloudflare provider: tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=60a26a49-95c4-b1a5-f9f6-e784817a11d5 tf_rpc=Configure @caller=github.com/cloudflare/terraform-provider-cloudflare/internal/provider/provider.go:304 @module=cloudflare timestamp=2022-08-12T19:50:32.878Z
�[0m�[1mcloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net: Modifying... [id=c00bf4f457d6a4c518f804bdffa9c41e]�[0m�[0m
2022/08/12 19:50:32 [DEBUG] EvalApply: ProviderMeta config value set
2022/08/12 19:50:32 [DEBUG] cloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net: applying the planned Update change
2022-08-12T19:50:32.885Z [DEBUG] plugin.terraform-provider-cloudflare_v3.21.0: Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
PUT /client/v4/zones/af883e590a10030771dc7789d2a8f94b/origin_tls_client_auth/hostnames HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/0.14.3 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/dev
Content-Length: 93
Content-Type: application/json
Accept-Encoding: gzip

{
 "config": [
  {
   "hostname": "",
   "cert_id": "8a8ff386-32cf-4dc3-8dec-c0db13356f88",
   "enabled": false
  }
 ]
}
-----------------------------------------------------: timestamp=2022-08-12T19:50:32.885Z
2022-08-12T19:50:33.090Z [DEBUG] plugin.terraform-provider-cloudflare_v3.21.0: Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Cf-Cache-Status: DYNAMIC
Cf-Ray: 739bbd97db362d52-ORD
Content-Type: application/json
Date: Fri, 12 Aug 2022 19:50:33 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: __cflb=0H28vgHxwvgAQtjUGU4vq74ZFe3sNVUZSywNYeN8PVF; SameSite=Lax; path=/; expires=Fri, 12-Aug-22 22:20:34 GMT; HttpOnly
Set-Cookie: __cfruid=55df3ae974aabf8e4dbae2a459d58a07e66dbe20-1660333833; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 8

{
 "success": false,
 "errors": [
  {
   "code": 1417,
   "message": "Hostname is required. Please check your input and try again."
  }
 ],
 "messages": []
}
-----------------------------------------------------: timestamp=2022-08-12T19:50:33.089Z
2022-08-12T19:50:33.090Z [ERROR] plugin.terraform-provider-cloudflare_v3.21.0: Response contains error diagnostic: tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.12.0/tfprotov5/internal/diag/diagnostics.go:56 @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_resource_type=cloudflare_authenticated_origin_pulls diagnostic_summary="error creating Per-Hostname Authenticated Origin Pulls resource on zone "af883e590a10030771dc7789d2a8f94b": Hostname is required. Please check your input and try again. (1417)" tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=38084870-f004-45bc-c24a-ee9dfea58503 timestamp=2022-08-12T19:50:33.090Z
2022/08/12 19:50:33 [DEBUG] cloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net: apply errored, but we're indicating that via the Error pointer rather than returning it: error creating Per-Hostname Authenticated Origin Pulls resource on zone "af883e590a10030771dc7789d2a8f94b": Hostname is required. Please check your input and try again. (1417)
�[31m
�[1m�[31mError: �[0m�[0m�[1merror creating Per-Hostname Authenticated Origin Pulls resource on zone "af883e590a10030771dc7789d2a8f94b": Hostname is required. Please check your input and try again. (1417)�[0m

�[0m  on cf_test_apis_qa_indeed_net.tf line 55, in resource "cloudflare_authenticated_origin_pulls" "cf_test_apis_qa_indeed_net":
  55: resource "cloudflare_authenticated_origin_pulls" "cf_test_apis_qa_indeed_net" �[4m{�[0m
�[0m
�[0m�[0m
2022-08-12T19:50:33.096Z [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-08-12T19:50:33.098Z [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.21.0/linux_amd64/terraform-provider-cloudflare_v3.21.0 pid=174
2022-08-12T19:50:33.098Z [DEBUG] plugin: plugin exited
�```

### Panic output

�Terraform v0.14.3
Initializing plugins and modules...
cloudflare_authenticated_origin_pulls.cf_test_apis_qa_indeed_net: Modifying... [id=c00bf4f457d6a4c518f804bdffa9c41e]

Error: error creating Per-Hostname Authenticated Origin Pulls resource on zone "af883e590a10030771dc7789d2a8f94b": Hostname is required. Please check your input and try again. (1417)

  on cf_test_apis_qa_indeed_net.tf line 55, in resource "cloudflare_authenticated_origin_pulls" "cf_test_apis_qa_indeed_net":
  55: resource "cloudflare_authenticated_origin_pulls" "cf_test_apis_qa_indeed_net" {

### Expected output

enabled setting should have properly been set to false

### Actual output

Error resulted in terraform not applying

### Steps to reproduce

1. Create cloudflare_authenticated_origin_pulls_certificate (per-zone) AND cloudflare_authenticated_origin_pulls setting enabled to false. Do NOT set a hostname for cloudflare_authenticated_origin_pulls, but be sure to set the authenticated_origin_pulls_certificate id.
2. Attempt to set the enabled value to false

See terraform apply error

### Additional factoids

Here is where the code appears to be getting the hostname (on a blank per-zone origin_pull resource), determining that it is NOT blank, but then the cloudflare-go client returns an error saying the the Hostname was not provided.

https://github.com/cloudflare/terraform-provider-cloudflare/blob/acb8cd3805fe4ccfee79f573d319f87baab8c707/internal/provider/resource_cloudflare_authenticated_origin_pulls.go#L30-L44

My guess is there something to do with a null to string conversion that results in a non-empty string in go. 

### References

_No response_
@troymjones troymjones added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 12, 2022
@github-actions
Copy link
Contributor

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

@github-actions github-actions bot added triage/needs-information Indicates an issue needs more information in order to work on it. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 12, 2022
@troymjones
Copy link
Contributor Author

I have updated the log output from terraform apply with TF_LOG=DEBUG

nickysemenza added a commit to nickysemenza/terraform-provider-cloudflare that referenced this issue Aug 25, 2022
@nickysemenza
fix retrieval of enabledVal
ceb8c7f 
```
// GetOk returns the data for the given key and whether or not the key
// has been set to a non-zero value at some point.
```

if enabled is explicitly set to false, then it technically stays at the zero value

Resolves cloudflare#1832
nickysemenza added a commit to nickysemenza/terraform-provider-cloudflare that referenced this issue Aug 25, 2022
@nickysemenza
fix retrieval of enabledVal
d0a2a0f 
```
// GetOk returns the data for the given key and whether or not the key
// has been set to a non-zero value at some point.
```

if the tfstate explicitly has `enabled = false`, then it technically stays at the zero value, which means that the second return value from `GetOk` (`ok`) returns false. If `hostname` is an empty string  (such as when`cloudflare_authenticated_origin_pulls_certificate` has `type = "per-zone"` (as opposed to `per-hostname`), then those 2 cancel each other out:

```
switch false {
  case false:
     // uh oh this evaluates
```

Resolves cloudflare#1832
@nickysemenza nickysemenza mentioned this issue Aug 25, 2022
Merged
nickysemenza added a commit to nickysemenza/terraform-provider-cloudflare that referenced this issue Aug 30, 2022
@nickysemenza
fix retrieval of enabledVal
965c316 
```
// GetOk returns the data for the given key and whether or not the key
// has been set to a non-zero value at some point.
```

if the tfstate explicitly has `enabled = false`, then it technically stays at the zero value, which means that the second return value from `GetOk` (`ok`) returns false. If `hostname` is an empty string  (such as when`cloudflare_authenticated_origin_pulls_certificate` has `type = "per-zone"` (as opposed to `per-hostname`), then those 2 cancel each other out:

```
switch false {
  case false:
     // uh oh this evaluates
```


```release-note:bug
resource/cloudflare_authenticated_origin_pulls: fix improper handling of enabled=false
```


Resolves cloudflare#1832
@github-actions github-actions bot added this to the v3.23.0 milestone Sep 1, 2022
@github-actions
Copy link
Contributor

github-actions bot commented Sep 7, 2022

This functionality has been released in v3.23.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/needs-information Indicates an issue needs more information in order to work on it.
Projects
None yet
Milestone
v3.23.0
1 participant
@troymjones