Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ruleset - enabled doesn't work as intended #1273

Closed
2 tasks done
vences opened this issue Oct 22, 2021 · 8 comments · Fixed by #1275
Closed
2 tasks done

Ruleset - enabled doesn't work as intended #1273

vences opened this issue Oct 22, 2021 · 8 comments · Fixed by #1275
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on. workflow/pr-attached Indicates the issue has PR(s) attached.

Comments

@vences
Copy link
Contributor

vences commented Oct 22, 2021
edited
Loading

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

➜ terraform -v
Terraform v1.0.9
on darwin_amd64

  • provider registry.terraform.io/cloudflare/cloudflare v3.3.0
  • provider registry.terraform.io/hashicorp/random v2.3.1

Affected resource(s)

  • ruleset

Terraform configuration files

resource "cloudflare_ruleset" "zone_level_managed_waf_2" {
  zone_id     = var.cloudflare_zone_id
  name        = "managed WAF"
  description = "managed WAF ruleset description"
  kind        = "zone"
  phase       = "http_request_firewall_managed"

  rules {
    action = "execute"
    action_parameters {
        id = "efb7b8c949ac4650a09736fc376e9aee"
        version = "latest"
        overrides {
          categories {
            category = "wordpress"
            action = "js_challenge"
            enabled = true
          }
        }
    }
    expression = "true"
    description = "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset"
    enabled = true
  }
}

Debug output

2021-10-22T10:14:28.061+0100 [DEBUG] Adding temp file log sink: /var/folders/nc/rqxx96yx24z2kk4w9twdjcg00000gp/T/terraform-log152189505
2021-10-22T10:14:28.061+0100 [INFO]  Terraform version: 1.0.9
2021-10-22T10:14:28.061+0100 [INFO]  Go runtime version: go1.16.4
2021-10-22T10:14:28.061+0100 [INFO]  CLI args: []string{"/Users/venceslas/bin/terraform", "apply", "-target", "cloudflare_ruleset.zone_level_managed_waf_2"}
2021-10-22T10:14:28.061+0100 [DEBUG] Attempting to open CLI config file: /Users/venceslas/.terraformrc
2021-10-22T10:14:28.061+0100 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021-10-22T10:14:28.061+0100 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021-10-22T10:14:28.061+0100 [DEBUG] ignoring non-existing provider search directory /Users/venceslas/.terraform.d/plugins
2021-10-22T10:14:28.061+0100 [DEBUG] ignoring non-existing provider search directory /Users/venceslas/Library/Application Support/io.terraform/plugins
2021-10-22T10:14:28.062+0100 [DEBUG] ignoring non-existing provider search directory /Library/Application Support/io.terraform/plugins
2021-10-22T10:14:28.062+0100 [INFO]  CLI command args: []string{"apply", "-target", "cloudflare_ruleset.zone_level_managed_waf_2"}
2021-10-22T10:14:28.066+0100 [DEBUG] New state was assigned lineage "ffe02f33-3eee-d46e-d1df-2d3f5c4c713d"
2021-10-22T10:14:28.178+0100 [INFO]  Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-10-22T10:14:28.179+0100 [INFO]  backend/local: starting Apply operation
2021-10-22T10:14:28.183+0100 [DEBUG] created provider logger: level=debug
2021-10-22T10:14:28.183+0100 [INFO]  provider: configuring client automatic mTLS
2021-10-22T10:14:28.211+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0]
2021-10-22T10:14:28.215+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61972
2021-10-22T10:14:28.215+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0
2021-10-22T10:14:28.229+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: configuring server automatic mTLS: timestamp=2021-10-22T10:14:28.229+0100
2021-10-22T10:14:28.237+0100 [DEBUG] provider.terraform-provider-cloudflare_v3.3.0: plugin address: address=/var/folders/nc/rqxx96yx24z2kk4w9twdjcg00000gp/T/plugin848155961 network=unix timestamp=2021-10-22T10:14:28.237+0100
2021-10-22T10:14:28.237+0100 [DEBUG] provider: using plugin: version=5
2021-10-22T10:14:28.269+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-10-22T10:14:28.270+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61972
2021-10-22T10:14:28.270+0100 [DEBUG] provider: plugin exited
2021-10-22T10:14:28.270+0100 [INFO]  terraform: building graph: GraphTypeValidate
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_record.MX" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_managed_waf" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_custom_firewall" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_level_managed_waf_2" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ip_list.example" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_rl_custom_firewall_root" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_custom_firewall" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_rl_custom_firewall" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_argo.example" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_level_managed_waf" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_rl_custom_firewall" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_custom_firewall_root" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.271+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.terraform_standard_headers" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ip_list.example" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_rl_custom_firewall_root" references: [cloudflare_ruleset.account_rl_custom_firewall var.cloudflare_account_id cloudflare_ruleset.account_rl_custom_firewall]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_custom_firewall_root" references: [cloudflare_ruleset.account_custom_firewall var.cloudflare_account_id cloudflare_ruleset.account_custom_firewall]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_zone" references: []
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_argo.example" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf_2" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_custom_firewall" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_rl_custom_firewall" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_custom_firewall" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_api_token" references: []
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_token" references: []
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_record.MX" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.terraform_standard_headers" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.272+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_zone_id" references: []
2021-10-22T10:14:28.273+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_managed_waf" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.273+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_rl_custom_firewall" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.273+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.273+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_account_id" references: []
2021-10-22T10:14:28.273+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_email" references: []
2021-10-22T10:14:28.273+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: [var.cloudflare_email var.cloudflare_account_id var.cloudflare_token]
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.zone_rl_custom_firewall", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.zone_level_managed_waf", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.account_managed_waf", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.account_rl_custom_firewall_root", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.account_custom_firewall_root", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ip_list.example", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.zone_custom_firewall", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.account_rl_custom_firewall", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.account_custom_firewall", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "var.cloudflare_api_token", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "var.cloudflare_zone", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_argo.example", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_ruleset.terraform_standard_headers", filtered by targeting.
2021-10-22T10:14:28.273+0100 [DEBUG] Removing "cloudflare_record.MX", filtered by targeting.
2021-10-22T10:14:28.274+0100 [DEBUG] Starting graph walk: walkValidate
2021-10-22T10:14:28.274+0100 [DEBUG] created provider logger: level=debug
2021-10-22T10:14:28.274+0100 [INFO]  provider: configuring client automatic mTLS
2021-10-22T10:14:28.302+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0]
2021-10-22T10:14:28.307+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61973
2021-10-22T10:14:28.307+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0
2021-10-22T10:14:28.322+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: configuring server automatic mTLS: timestamp=2021-10-22T10:14:28.322+0100
2021-10-22T10:14:28.330+0100 [DEBUG] provider.terraform-provider-cloudflare_v3.3.0: plugin address: address=/var/folders/nc/rqxx96yx24z2kk4w9twdjcg00000gp/T/plugin1787716589 network=unix timestamp=2021-10-22T10:14:28.330+0100
2021-10-22T10:14:28.330+0100 [DEBUG] provider: using plugin: version=5
2021-10-22T10:14:28.370+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-10-22T10:14:28.371+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61973
2021-10-22T10:14:28.371+0100 [DEBUG] provider: plugin exited
2021-10-22T10:14:28.371+0100 [INFO]  backend/local: apply calling Plan
2021-10-22T10:14:28.371+0100 [INFO]  terraform: building graph: GraphTypePlan
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_level_managed_waf (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_argo.example (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_custom_firewall (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_rl_custom_firewall (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_record.MX (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_managed_waf (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_custom_firewall (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_rl_custom_firewall (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_custom_firewall_root (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.terraform_standard_headers (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_level_managed_waf_2 (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ip_list.example (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.372+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_rl_custom_firewall_root (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_managed_waf (expand)" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_rl_custom_firewall_root (expand)" references: [cloudflare_ruleset.account_rl_custom_firewall (expand) var.cloudflare_account_id cloudflare_ruleset.account_rl_custom_firewall (expand)]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_zone_id" references: []
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_api_token" references: []
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_custom_firewall (expand)" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf (expand)" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_account_id" references: []
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: [var.cloudflare_email var.cloudflare_account_id var.cloudflare_token]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_argo.example (expand)" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_custom_firewall (expand)" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_rl_custom_firewall (expand)" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_rl_custom_firewall (expand)" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_custom_firewall_root (expand)" references: [cloudflare_ruleset.account_custom_firewall (expand) var.cloudflare_account_id cloudflare_ruleset.account_custom_firewall (expand)]
2021-10-22T10:14:28.373+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_zone" references: []
2021-10-22T10:14:28.374+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.terraform_standard_headers (expand)" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.374+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf_2 (expand)" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.374+0100 [DEBUG] ReferenceTransformer: "cloudflare_ip_list.example (expand)" references: [var.cloudflare_account_id]
2021-10-22T10:14:28.374+0100 [DEBUG] ReferenceTransformer: "cloudflare_record.MX (expand)" references: [var.cloudflare_zone_id]
2021-10-22T10:14:28.374+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_email" references: []
2021-10-22T10:14:28.374+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_token" references: []
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.zone_custom_firewall (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.zone_rl_custom_firewall (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.account_rl_custom_firewall (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.account_custom_firewall_root (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "var.cloudflare_zone", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_argo.example (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ip_list.example (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_record.MX (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.terraform_standard_headers (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.account_rl_custom_firewall_root (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "var.cloudflare_api_token", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.account_managed_waf (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.zone_level_managed_waf (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Removing "cloudflare_ruleset.account_custom_firewall (expand)", filtered by targeting.
2021-10-22T10:14:28.374+0100 [DEBUG] Starting graph walk: walkPlan
2021-10-22T10:14:28.375+0100 [DEBUG] created provider logger: level=debug
2021-10-22T10:14:28.375+0100 [INFO]  provider: configuring client automatic mTLS
2021-10-22T10:14:28.405+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0]
2021-10-22T10:14:28.408+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61974
2021-10-22T10:14:28.409+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0
2021-10-22T10:14:28.423+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: configuring server automatic mTLS: timestamp=2021-10-22T10:14:28.422+0100
2021-10-22T10:14:28.430+0100 [DEBUG] provider: using plugin: version=5
2021-10-22T10:14:28.430+0100 [DEBUG] provider.terraform-provider-cloudflare_v3.3.0: plugin address: address=/var/folders/nc/rqxx96yx24z2kk4w9twdjcg00000gp/T/plugin2794634296 network=unix timestamp=2021-10-22T10:14:28.430+0100
2021-10-22T10:14:28.467+0100 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" changed the config value, but that value is unused
2021-10-22T10:14:28.468+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:28 [INFO] Cloudflare Client configured for user: EMAIL: timestamp=2021-10-22T10:14:28.467+0100
2021-10-22T10:14:28.468+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:28 [INFO] Using specified account id 42ac0aa76a8d6368913cdcc93e1df204 in Cloudflare provider: timestamp=2021-10-22T10:14:28.468+0100
2021-10-22T10:14:28.468+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:28 [INFO] Cloudflare Client configured for user: EMAIL: timestamp=2021-10-22T10:14:28.468+0100
2021-10-22T10:14:28.468+0100 [DEBUG] Resource instance state not found for node "cloudflare_ruleset.zone_level_managed_waf_2", instance cloudflare_ruleset.zone_level_managed_waf_2
2021-10-22T10:14:28.468+0100 [INFO]  ReferenceTransformer: reference not found: "var.cloudflare_zone_id"
2021-10-22T10:14:28.468+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf_2" references: []
2021-10-22T10:14:28.468+0100 [DEBUG] refresh: cloudflare_ruleset.zone_level_managed_waf_2: no state, so not refreshing
2021-10-22T10:14:28.473+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-10-22T10:14:28.474+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61974
2021-10-22T10:14:28.474+0100 [DEBUG] provider: plugin exited
2021-10-22T10:14:28.478+0100 [DEBUG] command: asking for input: "\nDo you want to perform these actions?"
2021-10-22T10:14:30.350+0100 [INFO]  backend/local: apply calling Apply
2021-10-22T10:14:30.350+0100 [INFO]  terraform: building graph: GraphTypeApply
2021-10-22T10:14:30.351+0100 [DEBUG] Resource state not found for node "cloudflare_ruleset.zone_level_managed_waf_2", instance cloudflare_ruleset.zone_level_managed_waf_2
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_rl_custom_firewall (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_level_managed_waf_2" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_custom_firewall (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_rl_custom_firewall (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_managed_waf (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_custom_firewall_root (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_custom_firewall (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_level_managed_waf (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_record.MX (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.account_rl_custom_firewall_root (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.terraform_standard_headers (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ip_list.example (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_argo.example (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.352+0100 [DEBUG] ProviderTransformer: "cloudflare_ruleset.zone_level_managed_waf_2 (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_record.MX (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_argo.example (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf_2 (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_custom_firewall (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_email" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_zone_id" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_token" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_zone" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_custom_firewall_root (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.terraform_standard_headers (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: [var.cloudflare_token var.cloudflare_email var.cloudflare_account_id]
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_rl_custom_firewall_root (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_rl_custom_firewall (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ip_list.example (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_managed_waf (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_rl_custom_firewall (expand)" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_account_id" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "var.cloudflare_api_token" references: []
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.zone_level_managed_waf_2" references: [var.cloudflare_zone_id]
2021-10-22T10:14:30.353+0100 [DEBUG] ReferenceTransformer: "cloudflare_ruleset.account_custom_firewall (expand)" references: []
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.account_custom_firewall_root (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.account_rl_custom_firewall_root (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.terraform_standard_headers (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.account_custom_firewall (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.zone_rl_custom_firewall (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ip_list.example (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.account_managed_waf (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.account_rl_custom_firewall (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.zone_custom_firewall (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_argo.example (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_record.MX (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] pruneUnusedNodes: cloudflare_ruleset.zone_level_managed_waf (expand) is no longer needed, removing
2021-10-22T10:14:30.354+0100 [DEBUG] Removing "var.cloudflare_zone", filtered by targeting.
2021-10-22T10:14:30.354+0100 [DEBUG] Removing "var.cloudflare_api_token", filtered by targeting.
2021-10-22T10:14:30.355+0100 [DEBUG] Starting graph walk: walkApply
2021-10-22T10:14:30.355+0100 [DEBUG] created provider logger: level=debug
2021-10-22T10:14:30.355+0100 [INFO]  provider: configuring client automatic mTLS
2021-10-22T10:14:30.388+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0]
2021-10-22T10:14:30.392+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61977
2021-10-22T10:14:30.392+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0
2021-10-22T10:14:30.405+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: configuring server automatic mTLS: timestamp=2021-10-22T10:14:30.405+0100
2021-10-22T10:14:30.413+0100 [DEBUG] provider.terraform-provider-cloudflare_v3.3.0: plugin address: address=/var/folders/nc/rqxx96yx24z2kk4w9twdjcg00000gp/T/plugin2857314132 network=unix timestamp=2021-10-22T10:14:30.413+0100
2021-10-22T10:14:30.413+0100 [DEBUG] provider: using plugin: version=5
2021-10-22T10:14:30.448+0100 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" changed the config value, but that value is unused
2021-10-22T10:14:30.449+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:30 [INFO] Cloudflare Client configured for user: EMAIL: timestamp=2021-10-22T10:14:30.449+0100
2021-10-22T10:14:30.449+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:30 [INFO] Using specified account id 42ac0aa76a8d6368913cdcc93e1df204 in Cloudflare provider: timestamp=2021-10-22T10:14:30.449+0100
2021-10-22T10:14:30.449+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:30 [INFO] Cloudflare Client configured for user: EMAIL: timestamp=2021-10-22T10:14:30.449+0100
2021-10-22T10:14:30.453+0100 [INFO]  Starting apply for cloudflare_ruleset.zone_level_managed_waf_2
2021-10-22T10:14:30.453+0100 [DEBUG] cloudflare_ruleset.zone_level_managed_waf_2: applying the planned Create change
2021-10-22T10:14:30.454+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:30 [DEBUG] unknown key encountered in buildRulesetRulesFromResource for action parameters: products: timestamp=2021-10-22T10:14:30.454+0100
2021-10-22T10:14:30.455+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:30 [DEBUG] Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
POST /client/v4/zones/a12621e46a2dd7c9bcb9e7a536be7961/rulesets HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.0.9 terraform-plugin-sdk/2.8.0 terraform-provider-cloudflare/3.3.0
Content-Length: 474
Content-Type: application/json
X-Auth-Email: EMAIL
X-Auth-Key: KEY
Accept-Encoding: gzip

{
 "name": "managed WAF",
 "description": "managed WAF ruleset description",
 "kind": "zone",
 "phase": "http_request_firewall_managed",
 "rules": [
  {
   "action": "execute",
   "action_parameters": {
    "id": "efb7b8c949ac4650a09736fc376e9aee",
    "overrides": {
     "enabled": false,
     "categories": [
      {
       "category": "wordpress",
       "action": "js_challenge",
       "enabled": true
      }
     ]
    },
    "version": "latest"
   },
   "expression": "true",
   "description": "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
   "enabled": true
  }
 ]
}
-----------------------------------------------------: timestamp=2021-10-22T10:14:30.455+0100
2021-10-22T10:14:31.728+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:31 [DEBUG] Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Cf-Cache-Status: DYNAMIC
Cf-Ray: 6a219da639256570-LHR
Content-Type: application/json; charset=UTF-8
Date: Fri, 22 Oct 2021 09:14:31 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: __cflb=0H28vgHxwvgAQtjUGU56Rb8iNWZVUvXheaDuVqvYEUm; SameSite=Lax; path=/; expires=Fri, 22-Oct-21 11:44:32 GMT; HttpOnly
Set-Cookie: __cfruid=73cf6b2339edc4642cceb3a75b2b42c96f16e527-1634894071; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 50
X-Version: 4629-4ad5c17d3235

{
  "result": {
    "id": "bbda5c929d9049e5b2060db619076dd4",
    "name": "managed WAF",
    "description": "managed WAF ruleset description",
    "source": "firewall_managed",
    "kind": "zone",
    "version": "1",
    "rules": [
      {
        "id": "ee9e55275c874e62adbb5b435e2645d0",
        "version": "1",
        "action": "execute",
        "action_parameters": {
          "id": "efb7b8c949ac4650a09736fc376e9aee",
          "version": "latest",
          "overrides": {
            "categories": [
              {
                "category": "wordpress",
                "action": "js_challenge",
                "enabled": true
              }
            ],
            "enabled": false
          }
        },
        "expression": "true",
        "description": "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
        "last_updated": "2021-10-22T09:14:31.665428Z",
        "ref": "ee9e55275c874e62adbb5b435e2645d0",
        "enabled": true
      }
    ],
    "last_updated": "2021-10-22T09:14:31.665428Z",
    "phase": "http_request_firewall_managed"
  },
  "success": true,
  "errors": [],
  "messages": []
}

-----------------------------------------------------: timestamp=2021-10-22T10:14:31.728+0100
2021-10-22T10:14:31.728+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:31 [DEBUG] Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
PUT /client/v4/zones/a12621e46a2dd7c9bcb9e7a536be7961/rulesets/phases/http_request_firewall_managed/entrypoint HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.0.9 terraform-plugin-sdk/2.8.0 terraform-provider-cloudflare/3.3.0
Content-Length: 399
Content-Type: application/json
X-Auth-Email: EMAIL
X-Auth-Key: KEY
Accept-Encoding: gzip

{
 "description": "managed WAF ruleset description",
 "rules": [
  {
   "action": "execute",
   "action_parameters": {
    "id": "efb7b8c949ac4650a09736fc376e9aee",
    "overrides": {
     "enabled": false,
     "categories": [
      {
       "category": "wordpress",
       "action": "js_challenge",
       "enabled": true
      }
     ]
    },
    "version": "latest"
   },
   "expression": "true",
   "description": "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
   "enabled": true
  }
 ]
}
-----------------------------------------------------: timestamp=2021-10-22T10:14:31.728+0100
2021-10-22T10:14:32.888+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:32 [DEBUG] Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Cf-Cache-Status: DYNAMIC
Cf-Ray: 6a219dad2ffb6570-LHR
Content-Type: application/json; charset=UTF-8
Date: Fri, 22 Oct 2021 09:14:32 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: __cflb=0H28vgHxwvgAQtjUGU56Rb8iNWZVUvXhejvaWek2qkH; SameSite=Lax; path=/; expires=Fri, 22-Oct-21 11:44:33 GMT; HttpOnly
Set-Cookie: __cfruid=2747338fd3f6b0043a079b40dab8ee40c134f044-1634894072; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 69
X-Version: 4629-4ad5c17d3235

{
  "result": {
    "id": "bbda5c929d9049e5b2060db619076dd4",
    "name": "managed WAF",
    "description": "managed WAF ruleset description",
    "source": "firewall_managed",
    "kind": "zone",
    "version": "2",
    "rules": [
      {
        "id": "dfa95ef8351f409ba4da5256f375646d",
        "version": "1",
        "action": "execute",
        "action_parameters": {
          "id": "efb7b8c949ac4650a09736fc376e9aee",
          "version": "latest",
          "overrides": {
            "categories": [
              {
                "category": "wordpress",
                "action": "js_challenge",
                "enabled": true
              }
            ],
            "enabled": false
          }
        },
        "expression": "true",
        "description": "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
        "last_updated": "2021-10-22T09:14:32.813616Z",
        "ref": "dfa95ef8351f409ba4da5256f375646d",
        "enabled": true
      }
    ],
    "last_updated": "2021-10-22T09:14:32.813616Z",
    "phase": "http_request_firewall_managed"
  },
  "success": true,
  "errors": [],
  "messages": []
}

-----------------------------------------------------: timestamp=2021-10-22T10:14:32.887+0100
2021-10-22T10:14:32.889+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:32 [DEBUG] Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
GET /client/v4/zones/a12621e46a2dd7c9bcb9e7a536be7961/rulesets/bbda5c929d9049e5b2060db619076dd4 HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.0.9 terraform-plugin-sdk/2.8.0 terraform-provider-cloudflare/3.3.0
Content-Type: application/json
X-Auth-Email: EMAIL
X-Auth-Key: KEY
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-10-22T10:14:32.888+0100
2021-10-22T10:14:33.922+0100 [INFO]  provider.terraform-provider-cloudflare_v3.3.0: 2021/10/22 10:14:33 [DEBUG] Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Cf-Cache-Status: DYNAMIC
Cf-Ray: 6a219db46ec56570-LHR
Content-Type: application/json; charset=UTF-8
Date: Fri, 22 Oct 2021 09:14:34 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: __cflb=0H28vgHxwvgAQtjUGU56Rb8iNWZVUvXhf5KvYGP24HK; SameSite=Lax; path=/; expires=Fri, 22-Oct-21 11:44:35 GMT; HttpOnly
Set-Cookie: __cfruid=edba9a304c2e926f3e990fd0c45d437b8c87ab20-1634894074; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 14
X-Version: 4629-4ad5c17d3235

{
  "result": {
    "id": "bbda5c929d9049e5b2060db619076dd4",
    "name": "managed WAF",
    "description": "managed WAF ruleset description",
    "source": "firewall_managed",
    "kind": "zone",
    "version": "2",
    "rules": [
      {
        "id": "dfa95ef8351f409ba4da5256f375646d",
        "version": "1",
        "action": "execute",
        "action_parameters": {
          "id": "efb7b8c949ac4650a09736fc376e9aee",
          "version": "latest",
          "overrides": {
            "categories": [
              {
                "category": "wordpress",
                "action": "js_challenge",
                "enabled": true
              }
            ],
            "enabled": false
          }
        },
        "expression": "true",
        "description": "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
        "last_updated": "2021-10-22T09:14:32.813616Z",
        "ref": "dfa95ef8351f409ba4da5256f375646d",
        "enabled": true
      }
    ],
    "last_updated": "2021-10-22T09:14:32.813616Z",
    "phase": "http_request_firewall_managed"
  },
  "success": true,
  "errors": [],
  "messages": []
}

-----------------------------------------------------: timestamp=2021-10-22T10:14:33.922+0100
2021-10-22T10:14:33.923+0100 [WARN]  Provider "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" produced an unexpected new value for cloudflare_ruleset.zone_level_managed_waf_2, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .rules[0].action_parameters[0].increment: was null, but now cty.NumberIntVal(0)
      - .rules[0].action_parameters[0].ruleset: was null, but now cty.StringVal("")
      - .rules[0].action_parameters[0].overrides[0].action: was null, but now cty.StringVal("")
      - .rules[0].action_parameters[0].overrides[0].enabled: was null, but now cty.False
2021-10-22T10:14:33.953+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-10-22T10:14:33.957+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.3.0/darwin_amd64/terraform-provider-cloudflare_v3.3.0 pid=61977
2021-10-22T10:14:33.957+0100 [DEBUG] provider: plugin exited
2021-10-22T10:15:26.379+0100 [DEBUG] Adding temp file log sink: /var/folders/nc/rqxx96yx24z2kk4w9twdjcg00000gp/T/terraform-log841913386
2021-10-22T10:15:26.379+0100 [INFO]  Terraform version: 1.0.9
2021-10-22T10:15:26.379+0100 [INFO]  Go runtime version: go1.16.4
2021-10-22T10:15:26.379+0100 [INFO]  CLI args: []string{"/Users/venceslas/bin/terraform", "-v"}
2021-10-22T10:15:26.380+0100 [DEBUG] Attempting to open CLI config file: /Users/venceslas/.terraformrc
2021-10-22T10:15:26.380+0100 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021-10-22T10:15:26.380+0100 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021-10-22T10:15:26.380+0100 [DEBUG] ignoring non-existing provider search directory /Users/venceslas/.terraform.d/plugins
2021-10-22T10:15:26.380+0100 [DEBUG] ignoring non-existing provider search directory /Users/venceslas/Library/Application Support/io.terraform/plugins
2021-10-22T10:15:26.380+0100 [DEBUG] ignoring non-existing provider search directory /Library/Application Support/io.terraform/plugins
2021-10-22T10:15:26.380+0100 [INFO]  CLI command args: []string{"version", "-v"}

Panic output

No response

Expected output

The request should not contain "enabled": false in action_parameters -> overrides
The output should be

{
  "result": {
    "id": "bbda5c929d9049e5b2060db619076dd4",
    "name": "managed WAF",
    "description": "managed WAF ruleset description",
    "source": "firewall_managed",
    "kind": "zone",
    "version": "2",
    "rules": [
      {
        "id": "dfa95ef8351f409ba4da5256f375646d",
        "version": "1",
        "action": "execute",
        "action_parameters": {
          "id": "efb7b8c949ac4650a09736fc376e9aee",
          "version": "latest",
          "overrides": {
            "categories": [
              {
                "category": "wordpress",
                "action": "js_challenge",
                "enabled": true
              }
            ],
          }
        },
        "expression": "true",
        "description": "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
        "last_updated": "2021-10-22T09:14:32.813616Z",
        "ref": "dfa95ef8351f409ba4da5256f375646d",
        "enabled": true
      }
    ],
    "last_updated": "2021-10-22T09:14:32.813616Z",
    "phase": "http_request_firewall_managed"
  },
  "success": true,
  "errors": [],
  "messages": []
}

Actual output

That is the result of the GET on the entrypoint, I got after apply the terraform configuration.

{
    "result": {
        "id": "bbda5c929d9049e5b2060db619076dd4",
        "name": "managed WAF",
        "description": "managed WAF ruleset description",
        "source": "firewall_managed",
        "kind": "zone",
        "version": "2",
        "rules": [
            {
                "id": "dfa95ef8351f409ba4da5256f375646d",
                "version": "1",
                "action": "execute",
                "action_parameters": {
                    "id": "efb7b8c949ac4650a09736fc376e9aee",
                    "version": "latest",
                    "overrides": {
                        "categories": [
                            {
                                "category": "wordpress",
                                "action": "js_challenge",
                                "enabled": true
                            }
                        ],
                        "enabled": false
                    }
                },
                "expression": "true",
                "description": "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
                "last_updated": "2021-10-22T09:14:32.813616Z",
                "ref": "dfa95ef8351f409ba4da5256f375646d",
                "enabled": true
            }
        ],
        "last_updated": "2021-10-22T09:14:32.813616Z",
        "phase": "http_request_firewall_managed"
    },
    "success": true,
    "errors": [],
    "messages": []
}

Steps to reproduce

  1. Create a TF configuration for the WAF as my example above
  2. terraform apply -target cloudflare_ruleset.zone_level_managed_waf_2
  3. Do a GET on the entrypoint and you will noticed the enabled: false

The consequence of that configuration is all the rules within the Rulesets are disabled.

Additional factoids

I suspect a missing check on that line https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/cloudflare/resource_cloudflare_ruleset.go#L693 to avoid to set Enabled to false if not defined.

References

No response
@vences vences added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 22, 2021
@jacobbednarz
Copy link
Member

This is one of those unfortunately side effects of combining using a boolean pointer, true/false are conditional values and in Go, the default value of an uninitialised boolean is false. However, should we default the value to true via the schema, it will always apply an override block with true regardless of what else is present.

I'll have to have a think about what we can do here as the only thing that comes to mind is passing around *schema.Resource in the methods which ends up bloating everything and would rely on d.GetOkExists which we are attempting to move away from following Terraform core.

@vences
Copy link
Contributor Author

vences commented Oct 24, 2021
edited
Loading

I see! Having true would be better but still not the expected behaviour. For example not having enabled in the Cloudflare Managed Rulesets turn the rules by default which is a mix of true and false. If enabled is set to true the result would be the inability to turn that default configuration which is a configuration to reduce false positive and protect against the latest vulnerabilities.
The default configuration is illustrated here in the doc which result for the API call to not have enabled.

for the others Rulesets (OWASP, Exposed Checked Credentials leaked) there is no such configuration for now and all rules are turned to true by default.

jacobbednarz added a commit that referenced this issue Oct 24, 2021
@jacobbednarz
resource/cloudflare_ruleset: allow override + rule enabled to be om…
1281319 
…itted

Updates the `rules.*.action_parameters.0.enabled` to be omitted should
the value not be set.

Closes #1273
@jacobbednarz jacobbednarz mentioned this issue Oct 24, 2021
Merged
@jacobbednarz
Copy link
Member

went with the option of just passing around *schema.Resource causing a bit of bloat but it does address the underlying bug until we have a better approach.

@jacobbednarz jacobbednarz added triage/accepted Indicates an issue or PR is ready to be actively worked on. workflow/pr-attached Indicates the issue has PR(s) attached. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 24, 2021
jacobbednarz added a commit that referenced this issue Oct 25, 2021
@jacobbednarz
resource/cloudflare_ruleset: allow override + rule enabled to be om…
b0a3395 
…itted

Updates the `rules.*.action_parameters.0.enabled` to be omitted should
the value not be set.

Closes #1273
@vences
Copy link
Contributor Author

vences commented Nov 1, 2021
edited
Loading

Hey @jacobbednarz,

Sorry to reopen that one, but I did tests with the version 3.4 and I still have the issue, it is now only limited to the update. If I update my configuration file from a line where enabled is defined and remove it, the output is always enabled = false.

Information

➜ terraform -v
Terraform v1.0.10
on darwin_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.4.0
+ provider registry.terraform.io/hashicorp/random v2.3.1

Step to reproduce

1st configuration file

resource "cloudflare_ruleset" "zone_level_managed_waf" {
  zone_id     = var.cloudflare_zone_id
  name        = "managed WAF"
  description = "managed WAF ruleset description"
  kind        = "zone"
  phase       = "http_request_firewall_managed"

  rules {
    action = "execute"
    action_parameters {
        id = "efb7b8c949ac4650a09736fc376e9aee"
        version = "latest"
        overrides {
          rules {
            id = "5de7edfa648c4d6891dc3e7f84534ffa"
            action = "block"
            enabled = true
          }
          rules {
            id = "75a0060762034a6cb663fd51a02344cb"
            action = "log"
            enabled = true
          }
          categories {
            category = "wordpress"
            action = "js_challenge"
            enabled = true
          }
          action = "challenge"
        }
    }
    expression = "true"
    description = "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset"
    enabled = true
  }
}

--> all good

2nd configuration, add of enabled = true

resource "cloudflare_ruleset" "zone_level_managed_waf" {
  zone_id     = var.cloudflare_zone_id
  name        = "managed WAF"
  description = "managed WAF ruleset description"
  kind        = "zone"
  phase       = "http_request_firewall_managed"

  rules {
    action = "execute"
    action_parameters {
        id = "efb7b8c949ac4650a09736fc376e9aee"
        version = "latest"
        overrides {
          rules {
            id = "5de7edfa648c4d6891dc3e7f84534ffa"
            action = "block"
            enabled = true
          }
          rules {
            id = "75a0060762034a6cb663fd51a02344cb"
            action = "log"
            enabled = true
          }
          categories {
            category = "wordpress"
            action = "js_challenge"
            enabled = true
          }
          enabled = true
          action = "challenge"
        }
    }
    expression = "true"
    description = "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset"
    enabled = true
  }
}

--> all good as well

3rd change, removing enabled = true. My configuration is the same as the 1st one

resource "cloudflare_ruleset" "zone_level_managed_waf" {
  zone_id     = var.cloudflare_zone_id
  name        = "managed WAF"
  description = "managed WAF ruleset description"
  kind        = "zone"
  phase       = "http_request_firewall_managed"

  rules {
    action = "execute"
    action_parameters {
        id = "efb7b8c949ac4650a09736fc376e9aee"
        version = "latest"
        overrides {
          rules {
            id = "5de7edfa648c4d6891dc3e7f84534ffa"
            action = "block"
            enabled = true
          }
          rules {
            id = "75a0060762034a6cb663fd51a02344cb"
            action = "log"
            enabled = true
          }
          categories {
            category = "wordpress"
            action = "js_challenge"
            enabled = true
          }
          action = "challenge"
        }
    }
    expression = "true"
    description = "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset"
    enabled = true
  }
}

--> in that update the enabled is set to false.

Debug file

Please find attached the debug file on all those changes.
terraform.log

@jacobbednarz
Copy link
Member

If I update my configuration file from a line where enabled is defined and remove it, the output is always enabled = false.

If I'm reading this correctly, this is expected due to the way d.GetOkExists works with boolean fields that have been initialised (set to something) and the value itself is now either true or false at all times. Once that field has been set, there isn't a way to tell if it has been unset again. Even though we use a pointer in the Golang SDK, Terraform doesn't have the language support yet to determine pointers vs values.

My advice would if you're setting it, going forward we need to keep it in there explicitly to the value you want.

@vences
Copy link
Contributor Author

vences commented Nov 1, 2021

Thanks Jacob for picking it so quickly!
I think it would be great to have that note in the documentation. What do you think?

@jacobbednarz
Copy link
Member

Sure, I'm not certain where we could put it that would make sense (in the description itself?) but we are trying to make this a thing that is easier to do in the SDK via hashicorp/terraform-plugin-sdk#817

@vences
Copy link
Contributor Author

vences commented Nov 2, 2021

I was thinking to add it here -> https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/website/docs/r/ruleset.html.markdown?plain=1#L286 like a note at the end of the line -> note: if used, it is advised to keep it explicitly to the value you want..
Not sure if it would make sense.

@vences vences mentioned this issue Jan 18, 2022
Closed
2 tasks
@brandonstrohmeyer brandonstrohmeyer mentioned this issue Jan 21, 2022
Closed
2 tasks
@vences vences mentioned this issue Feb 8, 2022
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on. workflow/pr-attached Indicates the issue has PR(s) attached.
Projects
None yet
Milestone
No milestone
2 participants
@jacobbednarz @vences