cloudflare_access_policy only picks up the last access condition block #1372

Closed
2 tasks done
cucxabong opened this issue Jan 8, 2022 · 4 comments
Labels
kind/support Categorizes issue or PR as related to user support.

Comments

@cucxabong
Contributor

cucxabong commented Jan 8, 2022

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.0.11
on darwin_arm64

Affected resource(s)

cloudflare_access_policy

Terraform configuration files

resource "cloudflare_access_policy" "test-multiple-policy-items" {
  account_id     = local.account_id
  application_id = cloudflare_access_application.apps.id
  name           = "test application policy"
  precedence     = "4"
  decision       = "allow"

  include {
    email_domain = local.policy_email_domains
  }

  include {
    device_posture = local.device_postures
  }
}

Debug output

N/A

Panic output

No response

Expected output

All access conditions should be created in Cloudflare

Actual output

Only the last condition block gets created

Steps to reproduce

  1. Create terraform code as above
  2. Run terraform apply

Additional factoids

I think the problem comes from this function: https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/cloudflare/resource_cloudflare_access_policy.go#L260. Instead of appending all configs into policy.(Include|Require|Exclude), it does an assignment to the last non-nil config.

I have tried modifying it a little and it worked as expected. I will be happy to contribute if this is actually a bug.

References

No response

@cucxabong cucxabong added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 8, 2022
@jacobbednarz
Member

jacobbednarz commented Jan 8, 2022

pretty sure the issue here is that you’ve got multiple blocks of include but you’re meant to have multiple conditions inside of a single include.

can you try that and see?

@jacobbednarz jacobbednarz added kind/support Categorizes issue or PR as related to user support. and removed kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 8, 2022
@cucxabong
Contributor Author

cucxabong commented Jan 8, 2022

Multiple conditions inside a single include create all configured conditions but face another issue, #1215. Based on the server-side response to the AccountAccessRule method, I think specifying multiple include blocks will keep the state unchanged on subsequent terraform apply calls.

@cucxabong
Contributor Author

And from the schema I see the include block is schema.TypeList. So should it naturally support multiple include blocks?

@jacobbednarz
Member

So should it naturally support multiple include blocks?

it supports both but we’re using it as a single one. the schema should be enforcing this with MaxItems: 1

closing in favour of #1215 fixing the underlying issue.
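
An added example, not part of the thread and not the provider's code: a simplified Go model of the assign-versus-append behaviour described in the issue, plus a check in the spirit of the `MaxItems: 1` constraint mentioned above. `Block`, `flatten`, `buildOverwrite`, `buildAppend`, `checkSingleBlock` and the sample values are hypothetical names and constructed data.

```go
package main
import (
	"fmt"
	"sort"
)

// Block is a constructed stand-in for one include block (condition -> values).
type Block map[string][]string

// flatten renders a block as sorted "condition=value" rules.
func flatten(b Block) (out []string) {
	for cond, vals := range b {
		for _, v := range vals {
			out = append(out, cond+"="+v)
		}
	}
	sort.Strings(out)
	return out
}

// buildOverwrite models the reported behaviour: each non-nil block replaces the result.
func buildOverwrite(blocks []Block) (rules []string) {
	for _, b := range blocks {
		if b != nil {
			rules = flatten(b)
		}
	}
	return rules
}

// buildAppend models the behaviour the reporter expected: every block contributes.
func buildAppend(blocks []Block) (rules []string) {
	for _, b := range blocks {
		rules = append(rules, flatten(b)...)
	}
	return rules
}

// checkSingleBlock rejects repeated blocks up front instead of dropping them silently.
func checkSingleBlock(kind string, blocks []Block) error {
	if len(blocks) > 1 {
		return fmt.Errorf("%d %q blocks; put all conditions in one", len(blocks), kind)
	}
	return nil
}

func main() {
	b := []Block{{"email_domain": {"example.com"}}, {"device_posture": {"posture-1"}}}
	fmt.Println(buildOverwrite(b), buildAppend(b), checkSingleBlock("include", b))
}
```

A policy that silently loses a condition still applies cleanly, so comparing the conditions in the plan or in the dashboard against the configuration is the only way to notice the gap without a schema-level check.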


2 participants