cloudflare_tunnel_route: read by filtering list

The `GetTunnelRouteForIP` SDK function will return the first route that either exactly matches the specified IP or larger CIDR. If routes exist for both `10.0.0.0/8` and `10.0.0.0/24`, and the latter is accidentally deleted, the SDK function will start returning the former route. This changeset resolves this issue by providing filters to the `ListTunnelRoutes` such that the network subset and superset are both the specific CIDR being managed. The API returns 1 result if there is an exact match, and 0 results otherwise. Bug: K8S-4828
cloudflare · Apr 25, 2022 · f1b3e34 · f1b3e34
1 parent b6ca7a8
commit f1b3e34
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 16 deletions.
diff --git a/.changelog/1581.txt b/.changelog/1581.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+cloudflare_tunnel_routes: Fix reads matching routers with larger CIDRs
+```
diff --git a/cloudflare/resource_cloudflare_tunnel_route.go b/cloudflare/resource_cloudflare_tunnel_route.go
@@ -2,8 +2,8 @@ package cloudflare
 
 import (
 	"context"
-	"errors"
 	"fmt"
+	"log"
 	"strings"
 
 	"github.com/cloudflare/cloudflare-go"
@@ -25,27 +25,30 @@ func resourceCloudflareTunnelRoute() *schema.Resource {
 
 func resourceCloudflareTunnelRouteRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*cloudflare.API)
-
-	tunnelRoute, err := client.GetTunnelRouteForIP(context.Background(), cloudflare.TunnelRoutesForIPParams{
-		AccountID: d.Get("account_id").(string),
-		Network:   d.Get("network").(string),
+	accountID := d.Get("account_id").(string)
+	network := d.Get("network").(string)
+
+	tunnelRoutes, err := client.ListTunnelRoutes(context.Background(), cloudflare.TunnelRoutesListParams{
+		AccountID:       accountID,
+		IsDeleted:       cloudflare.BoolPtr(false),
+		NetworkSubset:   network,
+		NetworkSuperset: network,
 	})
+
 	if err != nil {
-		// FIXME(2022-04-21): Until the API returns a valid v4 compatible envelope, we need to
-		// check if the error message is related to problems unmarshalling the response _or_
-		// an expected not found error.
-		var notFoundError *cloudflare.NotFoundError
-		if strings.Contains(err.Error(), "error unmarshalling the JSON response error body") || errors.As(err, &notFoundError) {
-			d.SetId("")
-			return nil
-		}
-
-		return fmt.Errorf("error reading Tunnel Route for Network %q: %w", d.Id(), err)
+		return fmt.Errorf("failed to fetch Tunnel Route: %w", err)
 	}
 
+	if len(tunnelRoutes) < 1 {
+		log.Printf("[INFO] Tunnel Route for network %s in account %s not found", network, accountID)
+		d.SetId("")
+		return nil
+	}
+
+	tunnelRoute := tunnelRoutes[0]
+
 	d.Set("tunnel_id", tunnelRoute.TunnelID)
 	d.Set("network", tunnelRoute.Network)
-
 	if len(tunnelRoute.Comment) > 0 {
 		d.Set("comment", tunnelRoute.Comment)
 	}
@@ -83,6 +86,7 @@ func resourceCloudflareTunnelRouteUpdate(d *schema.ResourceData, meta interface{
 		AccountID: d.Get("account_id").(string),
 		TunnelID:  d.Get("tunnel_id").(string),
 		Network:   d.Get("network").(string),
+		Comment:   "",
 	}
 
 	if comment, ok := d.Get("comment").(string); ok {