[X] This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
[X] I have searched the issue tracker and my issue isn't already found.
[X] I have replicated my issue using the latest version of the provider and it is still present.
Expected id to be set for permission group and terraform plan shown like so:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# cloudflare_api_token.api_token will be created
+ resource "cloudflare_api_token" "api_token" {
+ condition = (known after apply)
+ expires_on = (known after apply)
+ id = (known after apply)
+ issued_on = (known after apply)
+ last_used_on = (known after apply)
+ modified_on = (known after apply)
+ name = "api_token"
+ not_before = (known after apply)
+ policies = [
+ {
+ effect = "allow"
+ id = (known after apply)
+ permission_groups = [
+ {
+ id = "dfe525ec7b07472c827d8d009178b2ac"
+ meta = (known after apply)
+ name = (known after apply)
},
]
+ resources = {
+ resource = "com.cloudflare.api.user.f4fdf41e55edfb26ba7e63c86053c9f9"
+ scope = "*"
}
},
]
+ status = (known after apply)
+ value = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Actual output
Terraform error on attempting to set a read-only attribute.
╷
│ Error: Invalid Configuration for Read-Only Attribute
│
│ with cloudflare_api_token.api_token,
│ on main.tf line 60, in resource "cloudflare_api_token" "api_token":
│ 60: resource "cloudflare_api_token" "api_token" {
│
│ Cannot set value for this attribute as the provider has marked it as read-only. Remove the configuration line setting the value.
│
│ Refer to the provider documentation or contact the provider developers for additional information about configurable and read-only attributes that are supported.
Steps to reproduce
terraform init with cloudflare provider version 5.0.0-alpha1
Create a resource with cloudflare_api_token that creates an api token
Run terraform apply
Additional factoids
Feels like with the current way that it is written, there is no valid resource configuration for cloudflare_api_token, as policies.permission_groups.id is listed as computed in the schema so it cannot be set.
I also tried modifying internal/services/api_token/resource.go and internal/services/api_token/model.go to change id from computed to required and rebuilt, and the resource does then succeed to at least the plan step. However, I'm currently having issues with the api not accepting anything I give the resources attribute so I havent gotten the resource to fully create yet, but that part is potentially just my own ignorance.
Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.
Confirmation
Terraform and Cloudflare provider version
Terraform v1.8.5 on windows_amd64
Affected resource(s)
cloudflare_api_token
Terraform configuration files
Link to debug output
https://gist.github.com/jrogers-dlp/a2e4e2d6dabcc623a770ee36c597cf73
Panic output
No response
Expected output
Expected id to be set for permission group and terraform plan shown like so:
Actual output
Terraform error on attempting to set a read-only attribute.
Steps to reproduce
terraform init
with cloudflare provider version5.0.0-alpha1
cloudflare_api_token
that creates an api tokenterraform apply
Additional factoids
Feels like with the current way that it is written, there is no valid resource configuration for
cloudflare_api_token
, aspolicies.permission_groups.id
is listed as computed in the schema so it cannot be set.I also tried modifying
internal/services/api_token/resource.go
andinternal/services/api_token/model.go
to change id fromcomputed
torequired
and rebuilt, and the resource does then succeed to at least the plan step. However, I'm currently having issues with the api not accepting anything I give the resources attribute so I havent gotten the resource to fully create yet, but that part is potentially just my own ignorance.References
No response