Closed hpapadopoulos closed 2 years ago
Similarly, even after state rm, another setting is giving the same error:
│ Error: invalid zone setting "binary_ast" (value: on) found - cannot be set as it is read only
│
│ with cloudflare_zone_settings_override.this,
│ on zone_settings.tf line 1, in resource "cloudflare_zone_settings_override" "this":
│ 1: resource "cloudflare_zone_settings_override" "this" {
and then again from another state rm and try to set it from scratch
│ Error: invalid zone setting "binary_ast" (value: off) found - cannot be set as it is read only
│
│ with cloudflare_zone_settings_override.this,
│ on zone_settings.tf line 1, in resource "cloudflare_zone_settings_override" "this":
│ 1: resource "cloudflare_zone_settings_override" "this" {
So no matter if you try with on/of, it will won't allow it. When I remove it from the config entirely, I get this:
╷
│ Error: invalid zone setting "binary_ast" (value: ) found - cannot be set as it is read only
│
│
╵
please see the documentation for this on the provider registry - https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zone_settings_override#plan-dependent-settings
you shouldn't be defining all these settings unless you are explicitly wanting to override them. this resource isn't intended to be used as a "manage all settings in state" resource, only overrides from the defaults.
Hey @jacobbednarz , thanks for the reply, but as I mentioned here, it doesn't matter if it is defined or not or what value we have, it still throws the error.
Gabe from CSUP here, had a customer with the same issue, without having that setting in the script, on provider v3.4.
the reason it will be constantly erroring now is that the values are already in the state file and attempting to update the resource with them. you should remove the resource from state and reapply only the settings you are overriding and it should be fine.
Hey @jacobbednarz , as I mentioned above, I always go with blank state: This (Similarly, even after state rm, another setting is giving the same error:)
I'm dealing with the exact same issue and my settings block is completely empty -
resource "cloudflare_zone_settings_override" "settings" {
zone_id = var.zone_id
settings {
}
}
and I still get an error along the lines of Error: invalid zone setting "mirage" (value: ) found - cannot be set as it is read only
This resource is basically unusable for me
Hey guys. I'll be dealing with this issue since @jacobbednarz is away for a while.
So far, I've been unable to reproduce your issue. The read only settings are not supposed to be put into config file. But even after I remove them, the settings are applied fine. If it does actually land in a state file, removing it with terraform state rm
should fix it. Either way, if you look into .tfstate
file, it should be in the readonly_settings
section, indicating as uneditable.
For more context I need the debug log. https://www.terraform.io/docs/internals/debugging.html describes how to generate one. Be sure to redact your API keys/tokens, but the rest of the output should be unedited. If you are uncomfortable posting them here on GitHub, please attach them to your respective support tickets (I believe you opened one).
Hey guys. I'll be dealing with this issue since @jacobbednarz is away for a while.
So far, I've been unable to reproduce your issue. The read only settings are not supposed to be put into config file. But even after I remove them, the settings are applied fine. If it does actually land in a state file, removing it with
terraform state rm
should fix it. Either way, if you look into.tfstate
file, it should be in thereadonly_settings
section, indicating as uneditable.For more context I need the debug log. https://www.terraform.io/docs/internals/debugging.html describes how to generate one. Be sure to redact your API keys/tokens, but the rest of the output should be unedited. If you are uncomfortable posting them here on GitHub, please attach them to your respective support tickets (I believe you opened one).
I managed to fix it by using terraform state rm
. Huge thanks for the reply anyway!
Hey @patryk, as mentioned in this thread and some others (e.g. https://github.com/cloudflare/terraform-provider-cloudflare/issues/377), this cloudflare_zone_settings_override
isn't intended to be how we define settings. Is there a preferred way or is it still being developed (which in that case I'd love to sign up for a notification of this somehow haha).
Examples of settings: cache settings, speed optimisation, email obfuscation, cache TTL.
Happy to make another "Issue" unless I've missed an existing one already.
Hi @patryk ,
I appreciate the work around, but this is definitely not a solution, as if it requires someone to manually intervene, it beats the purpose of automation and in no way it can be used in a CI/CD pipeline.
Regarding The read only settings are not supposed to be put into config file.
I will once again point towards my previous replies that even if I don't include the config, it still doesn't allow to apply and gives out the error.
In any case, I'll follow up with the support team on the ticket as this doesn't seem to be treated as an issue. (have submitted the debug logs on the ticket)
@fr3fou Great to hear it fixed your issue.
@thomasnugent As @jacobbednarz already mentioned, this resource is meant (by its semantic) to define settings that differ from their defaults. This is an unfortunate design decision of the person who initially implemented the plugin. While I am not aware of immediate plans to deal with it, this is a kind of problem we might attack in a future breaking change (likely mid-term). For now, you should put in a resource only the settings that do differ from their defauls (even if they are already in the defined state because e.g. you manually edited them in UI), except settings unavailable to you in your subscription plan.
@hpapadopoulos Please be assured we're not ignoring your issue, but in order to have a chance fixing it, we need to be able to reproduce it.
Thanks @patryk , but I am not saying that you're ignoring the issue, just that it isn't treated as one and is treated more as if I it is a feature
this resource is meant (by its semantic) to define settings that differ from their defaults.
Although it throws the error even when the values are not defined.
But as mentioned above, I'll follow on the support ticket as I can share more details around it (including the full debug logs ~8.5k lines)
Hi @hpapadopoulos, I believe I've found the root cause of your issue. Hint: you did nothing wrong with image_resizing
. This is also not the Terraform fault.
The API is initially reporting that Image Resizing is "read only", even though you are able to toggle it on in the UI. Once enabled, the API will begin reporting setting as "editable = true". Terraform plugin respects this fields, that's why it reports back error "the setting is read only" to the customer.
To unblock yourself, toggle the setting once manually in the UI (which apparently ignores the "editable" field). My apologies for the issue, but the API is owned by the different team from my own. The Support Team will make them aware of the issue.
Thanks for patience and sorry it took so long.
I am also encountering this issue with true_client_ip_header
.
Removing the resource from the state with terraform state rm <resource>
solves this as a workaround
I had the same issue with v3.20.0 and terraform state rm <resource>
indeed worked. I am still puzzled as to why this was happening. Re-read the entire conversation here as well as the documentation for cloudflare_zone_settings_override
and still don't get it. If this is not an issue in this provider, then where? Could someone who understands this summarize so that someone with mid-level experience (that is not expert) with Terraform and Cloudflare can understand. Much appreciated!
facing this right now, i only want to manage the SSL config and have this
resource "cloudflare_zone_settings_override" "zone_settings" {
zone_id = data.cloudflare_zone.site.id
settings {
ssl = "full"
}
}
but getting errors like
Error: invalid zone setting "origin_error_page_pass_thru" (value: ) found - cannot be set as it is read only
facing this right now, i only want to manage the SSL config and have this
resource "cloudflare_zone_settings_override" "zone_settings" { zone_id = data.cloudflare_zone.site.id settings { ssl = "full" } }
but getting errors like
Error: invalid zone setting "origin_error_page_pass_thru" (value: ) found - cannot be set as it is read only
Not sure if this has been resolved yet but this worked for me just now. Should be noted that I used cf-terraforming for the cloudflare_zone_setting_override
, which imported the entire settings. This didn't work and I came to this thread - all I really want to manage is my ssl mode within the context of Terraform. I removed all the excise settings and reapplied and it went through...
resource "cloudflare_zone_settings_override" "terraform_managed_resource_uuid" {
zone_id = "var.zone_id"
settings {
ssl = "strict"
}
}
I encountered the same issue using Terraform v1.6.4 and v4.20.0 of Cloudflare provider. I think I added some features not available in Cloudflare free tier such as min_tls_version
setting.
resource "cloudflare_zone_settings_override" "your_ressource_name" {
zone_id = cloudflare_zone.example.id
settings {
tls_1_3 = "on"
min_tls_version = "1.2"
automatic_https_rewrites = "on"
ssl = "strict"
}
}
I resolved the issue by removing the option and resource from Terraform cloud state via the command below :
terraform state rm cloudflare_zone_settings_override.<your_ressource_name>
resource "cloudflare_zone_settings_override" "your_ressource_name" {
zone_id = cloudflare_zone.example.id
settings {
tls_1_3 = "on"
automatic_https_rewrites = "on"
ssl = "strict"
}
}
Surprised it's still a thing. My terraform state is in gitlab managed state in their own CI/CD pipeline. Executing any terraform commands locally beat the purpose of gitops and it just very complicated in my case.
Yes, i use this resource for single setting, yet it fails on setting i never set when terraform is trying to recreate the settings.
So i had to add
before_script:
- gitlab-terraform plan
- gitlab-terraform state rm cloudflare_zone_settings_override.%terraform_zone_state_name%
To my gitlab-ci.yml just to remove this state entry. Maybe this workaround will help someone. Replace %terraform_zone_state_name% with actual name.
Confirmation
Terraform and Cloudflare provider version
Affected resource(s)
cloudflare_zone_settings_override
Terraform configuration files
Debug output
│ Error: invalid zone setting "image_resizing" (value: ) found - cannot be set as it is read only
Panic output
No response
Expected output
No changes on the setting
image_resizing
Actual output
Steps to reproduce
Try to apply the config with the default values.
References
Same issue as: https://github.com/cloudflare/terraform-provider-cloudflare/issues/961 That wasn't resolved, just closed, so not sure what the outcome was
This also looks similar https://github.com/cloudflare/terraform-provider-cloudflare/issues/533