cloudflare_zero_trust_access_application results in 500 Internal Server Error

[martysweet]

Confirmation

• [X] This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
• [X] I have searched the issue tracker and my issue isn't already found.
• [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

terraform-provider-cloudflare/4.44.0 terraform-plugin-sdk/2.34.0 terraform/1.5.7

4.45.0 doesn't appear to be available for ARM, but changelog does not indicate changes would resolve issues.

Affected resource(s)

cloudflare_zero_trust_access_application cloudflare_access_application

Terraform configuration files

resource "cloudflare_zero_trust_access_application" "non_prod_argocd" {
  account_id = local.account_id
  name       = "ArgoCD"
  domain     = "argocd.mydomain.com"
  self_hosted_domains = [
    "argocd.mydomain.com"
  ]
  type                      = "self_hosted"
  session_duration          = "24h"
  auto_redirect_to_identity = false
  app_launcher_visible      = true
  policies = [
    cloudflare_zero_trust_access_group.devops.id
  ]

  http_only_cookie_attribute = true
}

Link to debug output

https://gist.github.com/martysweet/5d6cc8a0569bc8b14d9fdff2d05b4442

Panic output

No response

Expected output

• The application is created or updated

Actual output

Error: error creating Access Application for accounts "xyz": error from makeRequest: received internal server error response (HTTP 500), please try again later

Steps to reproduce

1. Update an application, even an imported one - the API returns 500

Additional factoids

The API called https://developers.cloudflare.com/api/operations/access-applications-add-an-application Shows policies should be an array of {id, precedence}, however, the Terraform provider is sending an array of policy IDs.

Commenting out policies results in the successful creation of the resource, so I believe this is the issue, likely with a change with the backend API.

Current workaround is to create in the UI and import the application and policy.

References

No response

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions[bot]]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[martysweet]

I can't provide the full log as there is considerable sensitive information throughout. As this is a 500 error, there should be server-side logs to highlight the issue.