search

cloudflare / terraform-provider-cloudflare

Cloudflare Terraform Provider
https://registry.terraform.io/providers/cloudflare/cloudflare
Mozilla Public License 2.0
792 stars 612 forks source link

`cloudflare_worker_script` does not support ESM format #1870

Closed thomastoye closed 2 years ago

thomastoye commented 2 years ago

Confirmation

Terraform and Cloudflare provider version

Terraform v1.2.7
on linux_amd64
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.22.0"
    }

Affected resource(s)

cloudflare_worker_script

Terraform configuration files

resource "cloudflare_worker_script" "my_name" {
  name = "my-cfw-name"
  content = file("${path.module}/../../../utils/source/dist/main.mjs")

  plain_text_binding {
    name = "AWS_REGION"
    text = "us-east-2"
  }

  plain_text_binding {
    name = "DRY_RUN"
    text = "false"
  }

  secret_text_binding {
    name = "YYY"
    text = "xxx"
  }

  secret_text_binding {
    name = "ZZZ"
    text = "zzz"
  }
}

Debug output

cloudflare_worker_script.cfw_metrics_cw: Creating...
2022-08-30T11:30:29.055+0200 [INFO]  Starting apply for cloudflare_worker_script.cfw_metrics_cw
2022-08-30T11:30:29.055+0200 [DEBUG] cloudflare_worker_script.cfw_metrics_cw: applying the planned Create change
2022-08-30T11:30:29.056+0200 [DEBUG] provider.terraform-provider-cloudflare_v3.22.0: Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
GET /client/v4/accounts/.../workers/scripts/cfw-metrics-cw-2 HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.2.7 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/dev
Authorization: [redacted]
Content-Type: application/json
Accept-Encoding: gzip

-----------------------------------------------------: timestamp=2022-08-30T11:30:29.056+0200
2022-08-30T11:30:30.328+0200 [DEBUG] provider.terraform-provider-cloudflare_v3.22.0: Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 404 Not Found
Cf-Cache-Status: DYNAMIC
Cf-Ray: 742c820c9f429070-FRA
Content-Type: application/json; charset=UTF-8
Date: Tue, 30 Aug 2022 09:30:30 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: ...
Set-Cookie: ...
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 9

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 10007,
      "message": "workers.api.error.script_not_found"
    }
  ],
  "messages": []
}

-----------------------------------------------------: timestamp=2022-08-30T11:30:30.327+0200
2022-08-30T11:30:30.328+0200 [INFO]  provider.terraform-provider-cloudflare_v3.22.0: Creating Cloudflare Worker Script from struct: &{ZoneID: ScriptName:cfw-metrics-cw-2}: tf_req_id=11d11b01-3cc9-05cb-0148-cfea3f2cebc9 tf_rpc=ApplyResourceChange @module=cloudflare tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_worker_script @caller=github.com/cloudflare/terraform-provider-cloudflare/internal/provider/resource_cloudflare_worker_script.go:132 timestamp=2022-08-30T11:30:30.328+0200
2022-08-30T11:30:30.329+0200 [DEBUG] provider.terraform-provider-cloudflare_v3.22.0: Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
PUT /client/v4/accounts/.../workers/scripts/cfw-metrics-cw-2 HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.2.7 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/dev
Content-Length: 1416
Authorization: [redacted]
Content-Type: multipart/form-data; boundary=167dfb256157501a616f9be297e6ec1d0f0c478ccfa5da096fdc45d2ed0d
Accept-Encoding: gzip

--167dfb256157501a616f9be297e6ec1d0f0c478ccfa5da096fdc45d2ed0d
Content-Disposition: form-data; name="metadata"
Content-Type: application/json

{
 "body_part": "script",
 "bindings": [
  {
   "name": "AWS_REGION",
   "text": "us-east-2",
   "type": "plain_text"
  },
  {
   "name": "CF_ACCOUNT_TAG",
   "text": "...",
   "type": "plain_text"
  },
  {
   "name": "....",
   "text": "....",
   "type": "secret_text"
  },
  {
   "name": "....",
   "text": "....",
   "type": "secret_text"
  },
  ...
 ]
}
--167dfb256157501a616f9be297e6ec1d0f0c478ccfa5da096fdc45d2ed0d
Content-Disposition: form-data; name="script"
Content-Type: application/javascript

export default {
  fetch(request) {
    const base = 'https://example.com';
    const statusCode = 301;

    const destination = new URL(request.url, base);
    return Response.redirect(destination.toString(), statusCode);
  },
};

--167dfb256157501a616f9be297e6ec1d0f0c478ccfa5da096fdc45d2ed0d--

-----------------------------------------------------: timestamp=2022-08-30T11:30:30.329+0200
2022-08-30T11:30:31.351+0200 [DEBUG] provider.terraform-provider-cloudflare_v3.22.0: Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Cf-Cache-Status: DYNAMIC
Cf-Ray: 742c82143f95bbbc-FRA
Content-Type: application/json; charset=UTF-8
Date: Tue, 30 Aug 2022 09:30:31 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: ...
Set-Cookie: ...
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 45

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 10021,
      "message": "Uncaught SyntaxError: Unexpected token 'export'\n  at worker.js:1\n"
    }
  ],
  "messages": []
}

-----------------------------------------------------: timestamp=2022-08-30T11:30:31.351+0200
2022-08-30T11:30:31.352+0200 [ERROR] provider.terraform-provider-cloudflare_v3.22.0: Response contains error diagnostic: tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=11d11b01-3cc9-05cb-0148-cfea3f2cebc9 @caller=github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_detail= diagnostic_severity=ERROR diagnostic_summary="error creating worker script: Uncaught SyntaxError: Unexpected token 'export'
  at worker.js:1
 (10021)" tf_resource_type=cloudflare_worker_script tf_rpc=ApplyResourceChange @module=sdk.proto timestamp=2022-08-30T11:30:31.351+0200
2022-08-30T11:30:31.352+0200 [ERROR] vertex "cloudflare_worker_script.cfw_metrics_cw" error: error creating worker script: Uncaught SyntaxError: Unexpected token 'export'
  at worker.js:1
 (10021)
╷
│ Warning: Argument is deprecated
│
│   with provider["registry.terraform.io/cloudflare/cloudflare"],
│   on providers.tf line 13, in provider "cloudflare":
│   13:   account_id = "..."
│
│ Use resource specific `account_id` attributes instead.
╵
╷
│ Error: error creating worker script: Uncaught SyntaxError: Unexpected token 'export'
│   at worker.js:1
│  (10021)
│
│   with cloudflare_worker_script.cfw_metrics_cw,
│   on cf-test.tf line 3, in resource "cloudflare_worker_script" "cfw_metrics_cw":
│    3: resource "cloudflare_worker_script" "cfw_metrics_cw" {
│
╵

Panic output

No response

Expected output

The cloudflare_worker_script resource supports script inputs in ESM format.

Actual output

 Error: error creating worker script: Uncaught SyntaxError: Unexpected token 'export'
│   at worker.js:1
│  (10021)
│ 
│   with cloudflare_worker_script. ...
│   on ... .tf line 3, in resource "cloudflare_worker_script" "...":
│    3: resource "cloudflare_worker_script" "..." {
│

Steps to reproduce

Try to create a CFW from TF with the following example script:

export default {
  fetch(request) {
    const base = 'https://example.com';
    const statusCode = 301;

    const destination = new URL(request.url, base);
    return Response.redirect(destination.toString(), statusCode);
  },
};

Additional factoids

This works fine from Wrangler2

I have truncated the debug output to just the failing API call to upload the Worker as there was too much to redact.

We are on the Enterprise plan.

References

This thread describes the same issue: https://community.cloudflare.com/t/errors-deploying-worker-module-in-terraform/338909

Terraform does not work because the API to upload a worker is broken when trying to upload module based workers. I’ve run into the same issue just using the script upload API without Terraform.

github-actions[bot] commented 2 years ago

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

jacobbednarz commented 2 years ago

duplicates #1417

thomastoye commented 2 years ago

Oops, did not notice the duplicate (I only looked through the service/workers tag. Thanks Jacob!

cdaf commented 8 months ago

For anyone who stumbles upon this issue, set the module attribute to upload ES Modules (this isn't very clear in the doc).

resource "cloudflare_worker_script" "api_script_entry" {
  account_id = var.cloudflare_account_id
  name       = var.cloudflare_subdomain
  content    = file(var.cloudflare_script)
  module     = true
}