Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cloudflare_access_policy: When using multiple saml blocks in an include block, only the last one is saved #2018

Closed
2 tasks done
bobthebuilderberlin opened this issue Nov 10, 2022 · 1 comment · Fixed by #2033
Closed
2 tasks done

cloudflare_access_policy: When using multiple saml blocks in an include block, only the last one is saved #2018

bobthebuilderberlin opened this issue Nov 10, 2022 · 1 comment · Fixed by #2033
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. service/access Categorizes issue or PR as related to the Access service. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log.

Comments

@bobthebuilderberlin
Copy link

bobthebuilderberlin commented Nov 10, 2022
edited
Loading

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.0.11
cloudflare provider version = "3.27.0"

Affected resource(s)

cloudflare_access_policy

Terraform configuration files

resource "cloudflare_access_policy" "my-application" {
  application_id = <application-id>
  account_id     = local.cloudflare_account_id
  name           = "allow-saml"
  precedence     = "3"
  decision       = "allow"

  include {
    dynamic "saml" {
      for_each = toset(["group-1", "group-2"])
      content {
        attribute_name  = "Groups"
        attribute_value = saml.key
      }
    }
  }
}

Link to debug output

https://gist.github.com/bobthebuilderberlin/66971a1af766131887faace3a90416d8

Panic output

No response

Expected output

After an apply, not only the last item of the saml block list should be saved, but all of the items.
Providing multiple include blocks with single saml blocks does not help.

Actual output

plan output after a singular apply:

  ~ resource "cloudflare_access_policy" "my-policy" {
        id             = "<id>"
        name           = "allow-saml"
        # (4 unchanged attributes hidden)

      ~ include {
            # (11 unchanged attributes hidden)

          ~ saml {
              ~ attribute_value = "group-2" -> "group-1"
                # (1 unchanged attribute hidden)
            }
          + saml {
              + attribute_name  = "Groups"
              + attribute_value = "group-2"
            }
        }
    }

Same in the UI, only the last element is saved.

Steps to reproduce

  1. Create multiple saml blocks in the include block of a cloudflare_access_policy resource
  2. terraform apply
  3. terraform plan shows that only the first element is saved.

Additional factoids

Seems to be very similar to this issue:
#1917

References

No response
@bobthebuilderberlin bobthebuilderberlin added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 10, 2022
@github-actions
Copy link
Contributor

Terraform debug log detected ✅

@github-actions github-actions bot added the triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. label Nov 10, 2022
@jacobbednarz jacobbednarz added the service/access Categorizes issue or PR as related to the Access service. label Nov 13, 2022
@Justin-Holmes Justin-Holmes mentioned this issue Nov 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. service/access Categorizes issue or PR as related to the Access service. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log.
Projects
None yet
Milestone
No milestone
2 participants
@jacobbednarz @bobthebuilderberlin