pulumi / pulumi-cloudflare

Pulumi's Cloudflare package, providing multi-language infrastructure as code for Cloudflare
Apache License 2.0

allow rule additions to existing `Ruleset` #782

Open rpmccarter opened 1 month ago

rpmccarter commented 1 month ago

Hello!

Issue details

I have three environments that share a domain/zone. I want to create a subdomain and transform rule for each environment. I'm able to create a record for each environment (dev.foo.com, staging.foo.com, prod.foo.com), but when I attempt to create a transform rule for each environment, I get the following error:

```
Diagnostics:
  cloudflare:index:Ruleset (api-path-rule-staging):
    error: failed to create ruleset "http_request_transform": A similar configuration with rules already exists and overwriting will have unintended consequences. If you are migrating from the Dashboard, you will need to first import the existing rules using cf-terraforming. You can find details about how to do this at https://developers.cloudflare.com/terraform/additional-configurations/ddos-managed-rulesets/#optional-delete-existing-rulesets-to-start-from-scratch
```

Here's the relevant code:

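```typescript
import * as cloudflare from "@pulumi/cloudflare";

// `stack`, `apiHostname` and `zoneId` are defined elsewhere in the program.
// One Ruleset per stack, all in the same zone and the same phase.
new cloudflare.Ruleset(`api-ruleset-${stack}`, {
  name: `${apiHostname} path rewrite rule`,
  kind: 'zone',
  zoneId,
  phase: 'http_request_transform',
  rules: [
    {
      // Match requests for this environment's hostname and rewrite the path.
      expression: `http.host eq "${apiHostname}"`,
      action: 'rewrite',
      actionParameters: { uri: { path: { value: '/foo' } } },
    },
  ],
});
```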

I've tried several different approaches:

I'm familiar with the `awsx.ec2.DefaultVpc('default-vpc');` API, which doesn't actually create/delete any resources, but just allows you to use the properties of that resource in subsequent resources. Perhaps something similar would work here?

I realize this problem goes away if I buy two more zones in Cloudflare, but I have to imagine this is a common enough problem, especially considering one production environment might have multiple Pulumi stacks with a transform rule.

Affected area/feature

iwahbe commented 1 month ago

Hi @rpmccarter. Thanks for filing an issue. This provider is generated from a Terraform provider (https://github.com/cloudflare/terraform-provider-cloudflare). I recommend you create an issue at https://github.com/cloudflare/terraform-provider-cloudflare in the upstream provider. If they make any change to their interface to support this use-case, we will incorporate it as soon as they release.
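The error in the issue arises when a second `Ruleset` targets the same zone and the same `http_request_transform` phase. As an added example (not code from the issue, the provider, or either commenter), one way to avoid the collision is to have a single stack own that ruleset and generate one rule per environment. The type and function names, the zone ID placeholder and the hostname check are assumptions.

```typescript
// Added example; type and function names are hypothetical, not provider API.
interface EnvRewrite { hostname: string; path: string }

interface RewriteRule {
  expression: string;
  action: "rewrite";
  actionParameters: { uri: { path: { value: string } } };
}

// Hostnames are interpolated into a rules expression, so accept DNS names only.
const HOSTNAME_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;

function buildTransformRules(envs: EnvRewrite[]): RewriteRule[] {
  const seen = new Set<string>();
  return envs.map(({ hostname, path }): RewriteRule => {
    const host = hostname.toLowerCase();
    if (!HOSTNAME_RE.test(host)) throw new Error(`invalid hostname: ${hostname}`);
    if (seen.has(host)) throw new Error(`duplicate hostname: ${host}`);
    if (!path.startsWith("/")) throw new Error(`path must start with "/": ${path}`);
    seen.add(host);
    return {
      expression: `http.host eq "${host}"`,
      action: "rewrite",
      actionParameters: { uri: { path: { value: path } } },
    };
  });
}

// Arguments for the single zone-level ruleset in the transform phase.
function buildRulesetArgs(zoneId: string, envs: EnvRewrite[]) {
  return {
    name: "path rewrite rules (all environments)",
    kind: "zone",
    zoneId,
    phase: "http_request_transform",
    rules: buildTransformRules(envs),
  };
}

// Constructed sample input using the hostnames from the issue.
const sampleArgs = buildRulesetArgs("ZONE_ID_PLACEHOLDER", [
  { hostname: "dev.foo.com", path: "/foo" },
  { hostname: "staging.foo.com", path: "/foo" },
  { hostname: "prod.foo.com", path: "/foo" },
]);
console.log(sampleArgs.rules.map((r) => r.expression));
// In the one stack that owns the zone:
//   new cloudflare.Ruleset("api-ruleset", buildRulesetArgs(zoneId, envs));
```

The trade-off is that per-environment stacks no longer manage their own transform rule; the stack that owns the zone does.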