Page rule priority is compacted after apply, making terraform plan report changes

[rickardp]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.2.2 on linux_arm64
cloudflare/cloudflare version = "3.23.0"

Affected resource(s)

cloudflare_page_rule

Terraform configuration files

resource "cloudflare_page_rule" "cache_page_rule" {
  zone_id  = var.zone_id
  target   = "${var.match_domain}/*"
  priority = var.base_index + 1

  actions {
    explicit_cache_control = "on"
    polish                 = "lossless"
    cache_level            = "cache_everything"
  }
}

Link to debug output

n/a

Panic output

No response

Expected output

terraform plan report no changes after being applied.

Actual output

Priority is "compacted"

   #... will be updated in-place
      ~ resource "cloudflare_page_rule" "cache_page_rule" {
            id       = "...."
          ~ priority = 1 -> 11
            # (3 unchanged attributes hidden)

            # (1 unchanged block hidden)
        }

Steps to reproduce

1. terraform apply
2. terraform plan

Additional factoids

The need to keep rules priorities is crucial when you have a segmented IaC project where multiple projects/environments are responsible for different parts of a zone. Otherwise I have to beforehand know the exact index where the "previous environment" left off. I need to create ranges with gaps in them to properly and reliably insert priorities into the correct order. This expectation is based on e..g how the azurerm provider works with similar types of resources (compare with app gateway routing rule priorities for example, where the priorities "stick")

References

No response

[jacobbednarz]

see #187 where this is covered in detail with workarounds.

[rickardp]

I know of this #187 and I don't think this is the same issue. #187 deals with the fact that load ordering is not deterministically the same as in the file, and priority cannot be used because it gets reshuffled.

The case I describe in this issue can not be worked around by the suggested workaround in #187, specifically because I don't have access to all the page rules in my Terraform. I need to insert the rules at specific positions. This is common if you have multiple environments all contributing to the same zone.

It would indeed be possible to solve in the provider if Cloudflare is unwilling to support indexes in the API, by doing a read-then-write of the rules, right?

[jacobbednarz]

from #187

In contrast the Cloudflare API will reorder the page rules as they come in to ensure that they are sequential and there aren't gaps. For example, if you send in a rule with a priority of 3 yet don't have enough rules, it will become rule 1.

the API doesn't support gaps in page rule ordering so the provider won't either.

when you apply a change, you need access to all the page rules to successfully apply it. the slight exception here (but not really) is if you have a LTZ setup but that requires liberating a subdomain and the page rules to be subdomain specific.

[rickardp]

Thank you for the response. I read in #187 that you don't want to the read-then-Write for performance reasons. That is understandable. But the segmentation I mention in this issue is not possible to work around the way the the parallel writes are in #187.

As long as this issue is not addressed, it means that page rules cannot be split up in environments, which in turn means that page rules cannot be used if having more than one environment (unless using child domain, which in our case our subscription level does not allow).

I can possibly solve my problem in a worker so I will try this instead.