Open punkeel opened 4 months ago
Voting for Prioritization
Volunteering to Work on This Issue
Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG
output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key
, X-Auth-Email
and Authorization
HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.
This issue has been marked with triage/needs-information
and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.
Some API responses for reference:
maxime@MacPro> curl 'https://api.cloudflare.com/client/v4/accounts/ACCOUNT_ID/r2/buckets/' -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" -s|jq . ~
{
"success": true,
"errors": [],
"messages": [],
"result": {
"buckets": [
{
"name": "maxime-test-01",
"creation_date": "2022-05-14T00:27:19.714Z"
},
{
"name": "lala",
"creation_date": "2022-05-14T00:27:32.184Z"
},
{
"name": "lala-lala",
"creation_date": "2023-11-25T22:39:07.000Z"
},
{
"name": "lalalala",
"creation_date": "2024-03-22T00:16:19.039Z"
}
]
}
}
maxime@MacPro> curl 'https://api.cloudflare.com/client/v4/accounts/ACCOUNT_ID/r2/buckets/my-backups' -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" -s|jq . ~
{
"success": false,
"errors": [
{
"code": 10006,
"message": "The specified bucket does not exist."
}
],
"messages": [],
"result": null
}
maxime@MacPro> curl 'https://api.cloudflare.com/client/v4/accounts/ACCOUNT_ID/r2/buckets/my-backups' -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" -s -H "cf-r2-jurisdiction: eu"|jq .
{
"success": true,
"errors": [],
"messages": [],
"result": {
"name": "eu_my-backups",
"creation_date": "2023-11-15T22:31:41.738Z",
"location": "EEUR",
"storage_class": "Standard"
}
}
maxime@MacPro> curl 'https://api.cloudflare.com/client/v4/accounts/ACCOUNT_ID/r2/buckets' -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" -s -H "cf-r2-jurisdiction: eu"|jq .
{
"success": true,
"errors": [],
"messages": [],
"result": {
"buckets": [
{
"name": "my-backups",
"creation_date": "2023-11-15T22:31:41.738Z"
}
]
}
}
Marking this issue as stale due to 30 days of inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed. Maintainers can also remove the lifecycle/stale
label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
Related to this, the provider is unable to flag the need to use an R2 jurisdiction header with cloudflare v4 API requests,
-H "cf-r2-jurisdiction: eu"
cloudflare_r2_buckets created with a jurisdiction restriction (which is separate from declaration of the region for the backend storage) are not visible in the API without that header in the API request.
In my case I have some globally visible buckets declared in R2 WEUR region (no jurisdiction flagged), and the cloudflare provider can see them for import, but I have a couple of additional WEUR buckets with EU jurisdiction flagged in the webui, and the terraform provider can't see/import those.
Confirmation
Terraform and Cloudflare provider version
Using tf cloud. 1.8.4 (Workspace version is ~>1.8.0)
terraform-provider-cloudflare_v4.33.0
Affected resource(s)
cloudflare_r2_bucket
Terraform configuration files
Link to debug output
https://gist.github.com/punkeel/38f002ea6667f759ef7af5fce9fe05eb (heavily redacted)
Panic output
│ Error: failed reading R2 bucket │ │ The specified bucket does not exist. (10006)
Expected output
Actual output
│ Error: failed reading R2 bucket │ │ The specified bucket does not exist. (10006)
Steps to reproduce
Additional factoids
All the other buckets in my account can be imported just fine. This is the only one with a jurisdiction.
Does the import command need a "hint" to know about jurisdictions?
dash seems to be sending
cf-r2-jurisdiction
when tf doesn't, related?curl
to the same endpoint works... if I specifycf-r2-jurisdiction
.References
No response