cloudflare / terraform-provider-cloudflare

Cloudflare Terraform Provider
https://registry.terraform.io/providers/cloudflare/cloudflare
Mozilla Public License 2.0

Error reading setting "nel" for zone in v4.33.0 #3312

Closed lra closed 6 months ago

lra commented 6 months ago

Terraform and Cloudflare provider version

Terraform v1.8.3
on darwin_arm64
+ provider registry.terraform.io/cloudflare/cloudflare v4.33.0

Affected resource(s)

cloudflare_zone_settings_override

Terraform configuration files

resource "cloudflare_zone_settings_override" "settings" {
  for_each = var.cloudflare_zones
  zone_id  = data.cloudflare_zone.zone[each.key].id
  settings {
    always_use_https            = "on"
    brotli                      = "on"
    browser_cache_ttl           = 0
    browser_check               = "off"
    cache_level                 = "aggressive"
    ciphers                     = local.ciphers_strong
    http2                       = "on"
    http3                       = "on"
    h2_prioritization           = "on"
    image_resizing              = "open"
    max_upload                  = 2000
    min_tls_version             = "1.2"
    origin_error_page_pass_thru = "off"
    origin_max_http_version     = "2"
    polish                      = "lossless"
    privacy_pass                = "on"
    security_level              = "essentially_off"
    ssl                         = "full"
    universal_ssl               = "on"

    minify {
      css  = "on"
      html = "on"
      js   = "off"
    }

    security_header {
      enabled            = true
      include_subdomains = true
      max_age            = 31536000
    }
  }
}

Link to debug output

https://gist.github.com/lra/02b32fb89f8ac9e77129e6656e535a3f

Panic output

No response

Expected output

$ terraform plan
No changes. Your infrastructure matches the configuration.

Actual output

$ terraform plan
╷
│ Error: Error reading setting "nel" for zone "REDACTED": auth.forbidden (1010)
│ 
│   with module.REDACTED.cloudflare_zone_settings_override.settings["REDACTED"],
│   on ../../modules/REDACTED/cloudflare.tf line 29, in resource "cloudflare_zone_settings_override" "settings":
│   29: resource "cloudflare_zone_settings_override" "settings" {

Steps to reproduce

  1. Set the provider version to v4.33.0
  2. Run terraform plan

Additional factoids

References

No response

github-actions[bot] commented 6 months ago

Terraform debug log detected :white_check_mark:

nitrocode commented 6 months ago

Yep, hitting the same error. Thanks for creating this issue.

Our workaround for now

terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
      # due to https://github.com/cloudflare/terraform-provider-cloudflare/issues/3312
      version = "~> 4, < 4.33.0"
    }
  }
}

nitrocode commented 6 months ago

I worked with a Cloudflare TAM to enable NEL across all our zones with a support ticket. No additional scope on the token was needed.

jacobbednarz commented 6 months ago

thanks for raising. the underlying problem here is with the service response and throwing a 403 which upsets the resource fetching the value (even when you don't have it entitled). the service team is looking to address it and once addressed, will allow it to be queried without any additional changes in your code or the provider.

lra commented 6 months ago

> thanks for raising. the underlying problem here is with the service response and throwing a 403 which upsets the resource fetching the value (even when you don't have it entitled). the service team is looking to address it and once addressed, will allow it to be queried without any additional changes in your code or the provider.

Thanks.

If this issue is closed, how can we know when it will be fixed so we can resume upgrading the provider version?

therealdwright commented 5 months ago

Still experiencing this issue - I think the issue was prematurely closed.

thadnutt commented 5 months ago

Still experiencing this issue as well.

jacobbednarz commented 5 months ago

a fix for this has been released to production by the service team. v4.33.0 should now work for both unentitled and entitled users of NEL.

if you're still having issues, please open a new issue to be triaged.