search

pulumi / pulumi-cloudflare

Pulumi's Cloudflare package, providing multi-language infrastructure as code for Cloudflare
Apache License 2.0
90 stars 11 forks source link

ZoneSettingsOverride: invalid or unknown key: tls13 #166

Open berkant opened 3 years ago

berkant commented 3 years ago

I'm programming a Pulumi application using Pulumi Go SDK and Cloudflare provider. However, NewZoneSettingsOverride method is currently failing when I'm trying to set Tls13 field of ZoneSettingsOverrideSettingsArgs which I'm sending in the args parameter of the function.

Steps to reproduce

  1. Import Pulumi Cloudflare package.
  2. Try to call NewZoneSettingsOverride method with Tls13 field in args set to something like pulumi.String("off").

Expected: The application should not fail with an error, and proceed overriding the TLS 1.3 setting of the Cloudflare zone.

Actual: 

codespace ➜ /workspaces/automate-cloudflare (main ✗) $ PULUMI_CONFIG_PASSPHRASE=XXX pulumi preview
Previewing update (prod):
     Type                                      Name                                                     Plan     Info
     pulumi:pulumi:Stack                       automate-cloudflare-prod                                          
     └─ cloudflare:index:ZoneSettingsOverride  zone-ffbc040fe91c68423fde02240a612a93-settings-override           1 error

Diagnostics:
  cloudflare:index:ZoneSettingsOverride (zone-ffbc040fe91c68423fde02240a612a93-settings-override):
    error: cloudflare:index/zoneSettingsOverride:ZoneSettingsOverride resource 'zone-ffbc040fe91c68423fde02240a612a93-settings-override' has a problem: settings.0: invalid or unknown key: tls13

codespace ➜ /workspaces/automate-cloudflare (main ✗) $

A snippet from the app code:

for _, zone := range result.Zones {
    _, err := cloudflare.NewZoneSettingsOverride(ctx, fmt.Sprintf("zone-%v-settings-override", *zone.Id), &cloudflare.ZoneSettingsOverrideArgs{
        ZoneId: pulumi.String(*zone.Id),
        Settings: cloudflare.ZoneSettingsOverrideSettingsArgs{
            AlwaysUseHttps:          pulumi.String("on"),
            OpportunisticEncryption: pulumi.String("on"),
            Tls13:                   pulumi.String("on"),
        },
    })
    if err != nil {
        return err
    }
}
re-thc commented 2 years ago

Same applies to the Typescript SDK.

joelnotified commented 1 year ago

Just hit this one as well with the Python SDK, but then realized it is on by default which "solves" the issue for me 🎉 😂

AaronFriel commented 1 year ago

This may be on by default, but we do need to address the underlying error in this provider or the bridge! Thanks for flagging this and apologies for the slow response.

I found this via #339 which was more recently reported, whose author @zhangyoufu accurately identified as related to this issue.