Cannot update `cloudflare_email_routing_rule`: required rule id missing

[iwahbe]

Confirmation

• [X] This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
• [X] I have searched the issue tracker and my issue isn't already found.
• [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.8.3 on darwin_arm64

provider registry.terraform.io/cloudflare/cloudflare v4.35.0

Affected resource(s)

• cloudflare_email_routing_rule

Terraform configuration files

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "4.35.0"
    }
  }

  required_version = ">= 1.2.0"
}

provider "cloudflare" {}

resource "cloudflare_zone" "repro_zone" {
  account_id = "48364b099cc965f71761d67bc5314bd4"
  zone       = "pulumi.com"
}

resource "cloudflare_email_routing_rule" "CfEmailRedirects" {
  zone_id = cloudflare_zone.repro_zone.id
  name    = "CfEmailRedirects"
  enabled = true

  matcher {
    type  = "literal"
    field = "to"
    value = "repro-1@pulumi.com"
  }

  action {
    type  = "forward"
    value = ["repro-2@pulumi.com"] # Twiddle 1 -> 2 to reproduce
  }

  priority = 0
}

Link to debug output

https://gist.github.com/iwahbe/6c572def584838b5fb3cc9e66d936b4b

Panic output

No response

Expected output

I expect that I can change the value of cloudflare_email_routing_rule.action.value.0 and the provider will update or replace my forwarding rule.

Actual output

terraform apply
cloudflare_zone.repro_zone: Refreshing state... [id=9d73e1680af07766fa34f6396847b02c]
cloudflare_email_routing_rule.CfEmailRedirects: Refreshing state... [id=aaccc739a4234994ac47ff0919e5d91c]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # cloudflare_email_routing_rule.CfEmailRedirects will be updated in-place
  ~ resource "cloudflare_email_routing_rule" "CfEmailRedirects" {
      ~ id       = "aaccc739a4234994ac47ff0919e5d91c" -> (known after apply)
        name     = "CfEmailRedirects"
      ~ tag      = "aaccc739a4234994ac47ff0919e5d91c" -> (known after apply)
        # (3 unchanged attributes hidden)

      - action {
          - type  = "forward" -> null
          - value = [
              - "repro-2@pulumi.com",
            ] -> null
        }
      + action {
          + type  = "forward"
          + value = [
              + "repro-3@pulumi.com",
            ]
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

yes
  Enter a value: 
cloudflare_email_routing_rule.CfEmailRedirects: Modifying... [id=aaccc739a4234994ac47ff0919e5d91c]
╷
│ Error: failed updating email routing rule
│ 
│   with cloudflare_email_routing_rule.CfEmailRedirects,
│   on main.tf line 19, in resource "cloudflare_email_routing_rule" "CfEmailRedirects":
│   19: resource "cloudflare_email_routing_rule" "CfEmailRedirects" {
│ 
│ required rule id missing
╵
Error: exit status 1
An error occurred: exit status 1

Steps to reproduce

1. Run terraform apply on the original program, typing "yes" when prompted, creating the resource.
2. Change cloudflare_email_routing_rule.CfEmailRedirects.action.value.0 from "repro-2@pulumi.com" to "repro-3@pulumi.com".
3. Run terraform apply and type "yes", the resource will fail to update.

Additional factoids

I don't see anything in the documentation for this resource indicating where I should pass a rule ID.

References

No response

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[jacobbednarz]

this looks to be coming from the underlying Go library suggesting that RuleID is not being correctly - https://github.com/cloudflare/cloudflare-go/blob/f5d3137ca61667ba17be32b54feef5a4e53a023c/email_routing_rules.go#L187

in the provider we use tag as the ID (legacy reasons that we can migrate away from now) however, in the debug log, i see it does not have a value.

2024-06-25T18:07:13.415-0700 [DEBUG] provider.terraform-provider-cloudflare_v4.35.0: marking computed attribute that is null in the config as unknown: tf_mux_provider="*proto6server.Server" tf_attribute_path="AttributeName(\"tag\")" 

can you confirm if that is set in your state? or if you only have id.

[iwahbe]

This is my state file: https://gist.github.com/iwahbe/16c423d8fcd87c0e10d6af6d320da631. It looks like both tag and id are set.

[jacobbednarz]

odd - nothing obvious is jumping out at me so i'll need to have a dig into what is happening here.