cloudflare / terraform-provider-cloudflare

Cloudflare Terraform Provider
https://registry.terraform.io/providers/cloudflare/cloudflare
Mozilla Public License 2.0

cloudflare_ruleset rule order not working sync with management console #3106

Closed ibalat closed 9 months ago

ibalat commented 9 months ago

Confirmation

Terraform and Cloudflare provider version

Terraform v1.7.0 Cloudflare v4.23.0

Affected resource(s)

cloudflare_ruleset

Terraform configuration files

resource "cloudflare_ruleset" "custom_rules" {
  for_each = { for k, v in var.cloudflare_ruleset_custom_rules : k => v }

  zone_id     = local.zone_id
  name        = each.value.name
  description = each.value.description
  kind        = each.value.kind
  phase       = each.value.phase
  dynamic "rules" {
    for_each = each.value.rules
    content {
      action = rules.value["action"]
      action_parameters {
        phases   = lookup(rules.value["action_parameters"], "phases", null)
        products = lookup(rules.value["action_parameters"], "products", null)
      }
      dynamic "logging" {
        for_each = try(rules.value["logging"], {})
        content {
          enabled = logging.value
        }
      }
      expression  = lookup(rules.value, "expression", null)
      description = lookup(rules.value, "description", null)
      enabled     = lookup(rules.value, "enabled", null)
    }
  }
}

variable "cloudflare_ruleset_custom_rules" {
   ****
   ****
   rules = {
        r1 = {
          enabled           = true
          action            = "block"
          expression        = "***"
          description       = "***"
          action_parameters = {}
        },

        r2 = {
          enabled     = true
          action      = "skip"
          expression  = "***"
          description = "***"
          action_parameters = {
            products = [
              "securityLevel",
              "zoneLockdown",
              "waf"
            ]
          }
        },

        r3 = {
          enabled           = true
          action            = "managed_challenge"
          expression        = "***"
          description       = "***"
          action_parameters = {}
        },
        ***
        ***
}

Link to debug output

https://gist.github.com/ibalat/260ab274ca121a23da0e858ae68e5c00

Panic output

No response

Expected output

I have prepared a ruleset list in the same order as on the Cloudflare dashboard (r1, r2, r3...) and expect the rules to be created in the same order as the variable list (cloudflare_ruleset_custom_rules), because the cloudflare_ruleset resource does not have any priority or order field to create them in order. Why do I need this? Because the rule order affects traffic flow.

Actual output

The rules are randomly ordered (r2, r3, r1), not in the variable list order (r1, r2, r3) (cloudflare_ruleset_custom_rules).

Steps to reproduce

  1. Create a custom rule object list
  2. Loop over the list in the cloudflare_ruleset resource

Additional factoids

No response

References

No response

github-actions[bot] commented 9 months ago

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

jacobbednarz commented 9 months ago

this is not a provider issue but an issue with your loop logic not using a consistent list ordering via for_each or dynamic (an example of why we don't accept these as reproduction cases).

lists within terraform are not order dependent (nor are Go maps which back the terraform types) so for this to work, you need to introduce order dependency within your enumerations.
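
Added example, not code from this thread or from the provider project: one way to make rule order explicit is to declare the rules as a list of objects, which a `dynamic` block iterates by index, whereas a map such as `rules = { r1 = ..., r2 = ... }` is iterated in lexical key order regardless of how it was written. The variable names, ruleset name, expressions and descriptions below are constructed for illustration.

```hcl
# Requires Terraform >= 1.3 for optional() attributes.
variable "zone_id" {
  type = string
}

# Hypothetical variable: a list, so element order is part of the value.
variable "custom_rules" {
  type = list(object({
    description = string
    expression  = string
    action      = string
    enabled     = optional(bool, true)
    products    = optional(list(string)) # only set on "skip" rules
  }))
  # Constructed sample rules, written in the order they should be evaluated.
  default = [
    { description = "r1 block admin path", expression = "(http.request.uri.path contains \"/admin\")", action = "block" },
    { description = "r2 skip for office IP", expression = "(ip.src eq 192.0.2.10)", action = "skip", products = ["securityLevel", "zoneLockdown", "waf"] },
    { description = "r3 challenge login", expression = "(http.request.uri.path contains \"/login\")", action = "managed_challenge" },
  ]
}

resource "cloudflare_ruleset" "custom_rules" {
  zone_id = var.zone_id
  name    = "custom rules (example)"
  kind    = "zone"
  phase   = "http_request_firewall_custom"

  dynamic "rules" {
    for_each = var.custom_rules # list: iterated by index, 0..n-1
    content {
      action      = rules.value.action
      expression  = rules.value.expression
      description = rules.value.description
      enabled     = rules.value.enabled

      # Emit action_parameters only for rules that set products.
      dynamic "action_parameters" {
        for_each = rules.value.products == null ? [] : [rules.value.products]
        content {
          products = action_parameters.value
        }
      }
    }
  }
}
```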