Provider doesn't support the replay_protection value when creating a cloudflare_ipsec_tunnel

[Sceptyre]

Confirmation

• [X] My issue isn't already found on the issue tracker.
• [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.5.4
on windows_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v4.29.0

Affected resource(s)

• cloudflare_ipsec_tunnel

Terraform configuration files

resource "cloudflare_ipsec_tunnel" "example" {
  account_id           = var.cloudflare_account_id
  name                 = "example_tunnel"
  customer_endpoint    = "1.2.3.4"
  cloudflare_endpoint  = "<insert anycast ip>"
  interface_address    = "192.168.1.2/31"
  health_check_enabled = true
  health_check_target  = "192.168.1.3"
  health_check_type    = "request"
  psk                  = "<insert psk>"
  allow_null_cipher    = false
  # No option to set the replay_protection value. Always defaults to false
}

Link to debug output

n/a

Panic output

No response

Expected output

Expected ability to be able to configure replay_protection

Actual output

Unable to configure replay_protection

Steps to reproduce

1. Create a basic cloudflare_ipsec_tunnel resource
2. Attempt to set a replay_protection value
3. Check documentation, find no mapping for that value
4. Review provider code, find no code to support that mapping

Additional factoids

The link below is to the Cloudflare terraform provider documentation. It appears that the provider doesn't support the ability to enable replay protection. cloudflare_ipsec_tunnel | Resources | cloudflare/cloudflare | Terraform | Terraform Registry

You can see within the codebase itself, within the read function, it doesn't reference the replay_protection value terraform-provider-cloudflare/internal/sdkv2provider/resource_cloudflare_ipsec_tunnel.go at master · cloudflare/terraform-provider-cloudflare (github.com)

You can see within the List IPsec Tunnels API call however that Cloudflare does expose it Cloudflare API Documentation

References

No response

[github-actions[bot]]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[Sceptyre]

It appears the cloudflare-go module itself doesn't have Replay Protection defined in the struct. https://github.com/cloudflare/cloudflare-go/blob/v0.92.0/magic_transit_ipsec_tunnel.go#L31

[Sceptyre]

Appears to be related to an issue with the cloudflare-go module not supporting this attribute. PR has been submitted to add this functionality: https://github.com/cloudflare/cloudflare-go/pull/1710