Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL Action Parameter Not Persisted In State #2052

Closed
2 tasks done
Evesy opened this issue Nov 23, 2022 · 2 comments
Closed
2 tasks done

SSL Action Parameter Not Persisted In State #2052

Evesy opened this issue Nov 23, 2022 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/needs-information Indicates an issue needs more information in order to work on it.

Comments

@Evesy
Copy link
Contributor

Evesy commented Nov 23, 2022

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.3.2
on linux_amd64

  • provider registry.terraform.io/hashicorp/cloudflare v3.28.0
  • provider registry.terraform.io/hashicorp/google v4.39.0

Affected resource(s)

cloudflare_ruleset

Terraform configuration files

resource "cloudflare_ruleset" "configuration_entrypoint" {
  zone_id     = cloudflare_zone.default.id
  name        = "Configuration Rules Entrypoint"
  description = "Entrypoint for configuration rules"
  kind        = "zone"
  phase       = "http_config_settings"

  rules {
    action = "set_config"
    action_parameters {
      ssl = "full"
    }
    description = "Full SSL"
    expression  = "true"
    enabled     = true
  }
}

Link to debug output

n/a

Panic output

No response

Expected output

Action parameter sets SSL to full in the configuration rule. Subsequent plans show no change.

Actual output

Value is set correctly in Cloudflare, but subsequent TF runs still show planned changes to add the action parameter:

  ~ resource "cloudflare_ruleset" "configuration_entrypoint" {
        id          = "04eb840553504e55821230feb3fad823"
        name        = "Configuration Rules Entrypoint"
        # (4 unchanged attributes hidden)

      ~ rules {
            id          = "291e215cc9cd479eaceb30138ad3d0b3"
            # (4 unchanged attributes hidden)

          ~ action_parameters {
              + ssl                        = "full"
                # (24 unchanged attributes hidden)
            }
        }
    }

Steps to reproduce

  • Apply above configuration
  • Run another plan

Additional factoids

This particular line looks potentially suspect: https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/internal/provider/resource_cloudflare_ruleset.go#L542-L544

When looking at the resource in state it is missing ssl entirely:

resource "cloudflare_ruleset" "configuration_entrypoint" {
    description = "Entrypoint for configuration rules"
    id          = "4b814369c0e94192a7a7784883c239e8"
    kind        = "zone"
    name        = "Configuration Rules Entrypoint"
    phase       = "http_config_settings"
    zone_id     = "ba8aeaa2dfaba5888a44b972388b8d17"

    rules {
        action      = "set_config"
        description = "Full SSL"
        enabled     = true
        expression  = "true"
        id          = "db4395d282cf4b0689652a58b83b42df"

        action_parameters {
            automatic_https_rewrites   = false
            bic                        = false
            cache                      = false
            cookie_fields              = []
            disable_apps               = false
            disable_railgun            = false
            disable_zaraz              = false
            email_obfuscation          = false
            hotlink_protection         = false
            increment                  = 0
            mirage                     = false
            opportunistic_encryption   = false
            origin_error_page_passthru = false
            phases                     = []
            products                   = []
            request_fields             = []
            respect_strong_etags       = false
            response_fields            = []
            rocket_loader              = false
            rules                      = {}
            rulesets                   = []
            server_side_excludes       = false
            status_code                = 0
            sxg                        = false
        }
    }
}

References

No response
@Evesy Evesy added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 23, 2022
@github-actions
Copy link
Contributor

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

@github-actions github-actions bot added triage/needs-information Indicates an issue needs more information in order to work on it. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 23, 2022
@Evesy
Copy link
Contributor Author

Evesy commented Dec 20, 2022

Fixed by #2088

@Evesy Evesy closed this as completed Dec 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/needs-information Indicates an issue needs more information in order to work on it.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Evesy