search

cloudposse / terraform-cloudflare-zone

Terraform module to provision a CloudFlare zone with DNS records, Argo, Firewall filters and rules
https://cloudposse.com/accelerate
Apache License 2.0
27 stars 19 forks source link

feat! remove firewall rules #43

Closed bcdady closed 4 months ago

bcdady commented 4 months ago

Remove deprecated filter and firewall resources

what

Support for the following resources, which are deprecated, are removed from this module.

why

Cloudflare converted existing firewall rules into WAF custom rules

The Firewall Rules API and the associated Cloudflare Filters API are now deprecated. These APIs will stop working on 2024-07-01

Relevant changes for Terraform users

The following Terraform resources from the Cloudflare provider are now deprecated:

  • cloudflare_firewall_rule
  • cloudflare_filter

Removing the functionality from this module, related to the deprecated resources, addresses multiple issues, including indirectly supporting #40 and #20

references

nitrocode commented 4 months ago

These changes were released in v1.0.0.

nitrocode commented 4 months ago

/terratest

nitrocode commented 4 months ago

I see this error in the test

error while running command: exit status 1; ╷ │ Error: error creating standalone healthcheck: health checks disabled for zone: validation failed (1002) │ │ with module.zone.cloudflare_healthcheck.default["eg-ue2-test-cf-zone-71222-TCP-bastion-71222.test-automation.app"], │ on ../../healthcheck.tf line 22, in resource "cloudflare_healthcheck" "default": │ 22: resource "cloudflare_healthcheck" "default" { │ ╵ ╷ │ Error: error creating standalone healthcheck: health checks disabled for zone: validation failed (1002) │ │ with module.zone.cloudflare_healthcheck.default["eg-ue2-test-cf-zone-71222-HTTPS-api-71222.test-automation.app"], │ on ../../healthcheck.tf line 22, in resource "cloudflare_healthcheck" "default": │ 22: resource "cloudflare_healthcheck" "default" { │ ╵}

This may be because the cloudflare api token may not have zone level healthcheck permissions enabled.

cc @aknysh @Nuru

aknysh commented 4 months ago

@bcdady @nitrocode we have downgraded our CloudFlare subscription, and it does not support health checks for zones ("health checks disabled for zone"), so we can't test it anymore.

I'm going to release a major version of the module (since it contains breaking changes). Any issues that you or other users encounter, we'll fix in follow up PRs.

Thank you

bcdady commented 4 months ago

Thank you!

nitrocode commented 4 months ago

Thanks @aknysh.

Would it help to also disable the testing of health checks in the example so the tests can pass in follow up PRs?