Limitations of `cloudflare_access_application`: Inability to Support Multiple Domains Per Application

[thefourcraft]

Confirmation

• [X] My issue isn't already found on the issue tracker.
• [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

cloudflare v4.29.0

Affected resource(s)

cloudflare_access_application

Terraform configuration files

resource "cloudflare_access_application" "example" {
    zone_id                      = var.zone_id
    name                         = "Example"
    domain                       = "https://example.com"
    type                         = "self_hosted"
    tags                         = ["Team App"]
    session_duration             = "24h"
    allowed_idps                 = ["${var.google_idp_id}"]
    app_launcher_logo_url        = "https://example.com/png.png"
    app_launcher_visible         = true
    auto_redirect_to_identity    = true
    http_only_cookie_attribute   = true
    # allow_authenticate_via_warp  = true
    custom_deny_message          = "You are not allowed to access this application"
}

Link to debug output

N/A

Panic output

N/A

Expected output

N/A

Actual output

N/A

Steps to reproduce

N/A

Additional factoids

cloudflare_access_application (Resource), specifically the domain part, doesn't seem to support multiple domains per application (as the web UI does). Is there a way around it?

References

https://discord.com/channels/595317990191398933/1043025669036187678/1115610208660635648 https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_application#domain

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions[bot]]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[github-actions[bot]]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[thefourcraft]

So it appears that it's supported

                "self_hosted_domains": {
                        Type:     schema.TypeSet,
                        Optional: true,
                        Elem: &schema.Schema{
                                Type: schema.TypeString,
                        },
                        Description: "List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`",
                },

[jacobbednarz]

https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_application#self_hosted_domains is what you are after.

[thefourcraft]

@jacobbednarz thanks for the help, I didn't see that 🤦🏻