cloudflare / terraform-provider-cloudflare

Cloudflare Terraform Provider
https://registry.terraform.io/providers/cloudflare/cloudflare
Mozilla Public License 2.0

Updating Lists and Rule using those lists #2770

Open sycured opened 1 year ago

sycured commented 1 year ago

Confirmation

Terraform and Cloudflare provider version

Terraform Cloud: 1.5.7 Cloudflare provider: 4.14.0

Affected resource(s)

cloudflare_teams_rule
cloudflare_teams_list

Terraform configuration files

locals {
  # Iterate through each pihole_domain_list resource and extract its ID
  pihole_domain_lists = [for k, v in cloudflare_teams_list.ad_domain_lists : v.id]

  # Format the values: remove dashes and prepend $
  pihole_domain_lists_formatted = [for v in local.pihole_domain_lists : format("$%s", replace(v, "-", ""))]

  # Create filters to use in the policy
  pihole_ad_filters = formatlist("any(dns.domains[*] in %s)", local.pihole_domain_lists_formatted)
  ad_filter         = join(" or ", local.pihole_ad_filters)

  # Use the fileset function to find all files matching the pattern
  # cloudflare/lists/*, and create a list of their paths
  pihole_domain_list_files = fileset(path.module, "cloudflare/lists/*")
}

resource "cloudflare_teams_rule" "block_ads" {
  account_id = var.cloudflare_account_id

  name        = "Block Ads"
  description = "Block Ads domains"

  enabled    = true
  precedence = 11

  # Block domains belonging to the lists (defined below)
  filters = ["dns"]
  action  = "block"
  traffic = local.ad_filter

  rule_settings {
    block_page_enabled = false
  }
}

# Iterate over the list of files and create a separate cloudflare_teams_list resource
# for each file
resource "cloudflare_teams_list" "ad_domain_lists" {
  account_id = var.cloudflare_account_id

  for_each = {
    for file_path in local.pihole_domain_list_files :
    basename(file_path) => file(file_path)
  }

  name  = "ad_domain_${each.key}"
  type  = "DOMAIN"
  items = [for x in split("\n", each.value) : x if x != ""]
}

Link to debug output

https://gist.github.com/sycured/7b6b21e05ca690a54985ef9f53847a43

Panic output

No response

Expected output

No error like impossible to delete the list

Actual output

Error: error deleting Teams List for account "db551ddd87480b18c9ca6cb168618e8e": list is referenced in an existing rule(Block Ads). please remove the rule to proceed

Steps to reproduce

  1. Take the source code that inspired mine: https://github.com/JamesWoolfenden/terraform-cloudflare-adblock
  2. Run it a first time so it'll create some lists and the rule
  3. Remove some lines in lists to remove a split or more
  4. Re-run and see the error

Additional factoids

No response

References

No response
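An added Python check, not code from the issue or from the provider, that mirrors the issue's locals (strip the dashes from each list ID and prepend `$`, then join the `any(dns.domains[*] in ...)` clauses with `or`) and flags which list references in the rule's `traffic` expression would be left dangling when list files are removed. That dangling set is exactly what triggers the "list is referenced in an existing rule" error, so running the check against the planned list set before `terraform apply` surfaces the problem early. The UUIDs below are constructed sample values.

```python
import re

# A Gateway list is referenced in a rule's traffic expression as "$" followed
# by the list's UUID with the dashes removed (32 hex characters).
LIST_REF = re.compile(r"\$([0-9a-fA-F]{32})")


def list_ref(list_id: str) -> str:
    """Same transformation as format("$%s", replace(v, "-", "")) in the issue."""
    return "$" + list_id.replace("-", "")


def build_traffic(list_ids):
    """Equivalent of the pihole_ad_filters / ad_filter locals in the issue."""
    return " or ".join(f"any(dns.domains[*] in {list_ref(i)})" for i in list_ids)


def referenced_list_ids(traffic: str):
    """Extract the dashed UUIDs of every list a traffic expression references."""
    ids = set()
    for h in LIST_REF.findall(traffic):
        ids.add(f"{h[:8]}-{h[8:12]}-{h[12:16]}-{h[16:20]}-{h[20:]}".lower())
    return ids


def stale_references(traffic: str, desired_list_ids):
    """Lists the rule still references that are absent from the desired set.

    Any non-empty result predicts the deletion error seen in the issue: the API
    refuses to delete a list until no rule references it, so the rule's traffic
    expression must be updated before those lists can go away.
    """
    return sorted(referenced_list_ids(traffic) - set(desired_list_ids))


if __name__ == "__main__":
    # Constructed sample: two lists existed, one list file is then removed.
    before = ["11111111-2222-3333-4444-555555555555",
              "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"]
    traffic = build_traffic(before)
    print("rule traffic:", traffic)
    print("stale list references:", stale_references(traffic, before[:1]))
```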

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

github-actions[bot] commented 1 year ago

Terraform debug log detected ✅

github-actions[bot] commented 1 year ago

Thank you for opening this issue and sorry to hear you're hitting issues. Unfortunately, the reproduction case provided contains HCL dynamic expressions. Examples of these are:

Maintainers don't accept these as reproduction cases since using these constructs and expressions can hold their own logic bugs which are outside of the provider and not able to be diagnosed.

For maintainers to triage this issue, we recommend providing a minimal reproduction test case that only contains the impacted resources and can be easily reproduced in an isolated environment. Without providing this, maintainers are limited in what support they can provide.