Cloudflare Terraform Provider Tips
Create Things Project
Apr 15, 2023
Content
Introduction
Zone Bootstrap
- https://github.com/Everworks/cloudflare/tree/main#importing-resources
- How the Zones have to be imported
Tokens
- How to Scope TF Tokens - https://github.com/Everworks/cloudflare/blob/main/tf-account/tokens.tf
- https://github.com/Everworks/cloudflare/tree/main#token-permissions
Rulesets
Terraform and Cloudflare provider version
Running in pipeline, always pulls the latest version.
Installed cloudflare/cloudflare v3.20.0 (signed by a HashiCorp partner, key ID DE413CEC881C3283)
Affected resource(s)
cloudflare_ruleset
Terraform configuration files
resource "cloudflare_ruleset" "transform_uri_remove_headers" {
  zone_id     = "zone_id"
  name        = "Transform rule for removing HTTP Headers"
  description = "Remove Headers before reaching client"
  kind        = "zone"
  phase       = "http_response_headers_transform"
  rules {
    action = "rewrite"
    action_parameters {
      headers {
        name      = "header1"
        operation = "remove"
      }
      headers {
        name      = "header2"
        operation = "remove"
      }
      headers {
        name      = "header3"
        operation = "remove"
      }
      headers {
        name      = "header4"
        operation = "remove"
      }
    }
    expression  = "true"
    description = "Remove Headers"
    enabled     = true
  }
}
Expected output
I expect there to be no change in the plan and apply.
Actual output
terraform plan
  # cloudflare_ruleset.transform_uri_remove_headers will be updated in-place
  ~ resource "cloudflare_ruleset" "transform_uri_remove_headers" {
        id = "48e991bdd540407bbaaa33352896123a"
        name = "Transform rule for removing HTTP Headers"
        # (4 unchanged attributes hidden)
      ~ rules {
            id = "9d895526018d4c7087d151cb166dd8a6"
            # (4 unchanged attributes hidden)
          ~ action_parameters {
                # (11 unchanged attributes hidden)
              ~ headers {
                  ~ name = "header4" -> "header1"
                    # (1 unchanged attribute hidden)
                }
              ~ headers {
                  ~ name = "header1" -> "header2"
                    # (1 unchanged attribute hidden)
                }
              ~ headers {
                  ~ name = "header3" -> "header4"
                    # (1 unchanged attribute hidden)
                }
                # (1 unchanged block hidden)
            }
        }
    }
Plan: 0 to add, 1 to change, 0 to destroy.
terraform apply
cloudflare_ruleset.transform_uri_remove_headers: Modifying... [id=48e991bdd540407bbaaa33352896123a]
cloudflare_ruleset.transform_uri_remove_headers: Modifications complete after 0s [id=48e991bdd540407bbaaa33352896123a]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed
Steps to reproduce
- Add provider resource block
- Run tf plan and apply
- Subsequent tf plan shows same changes pending
Sadly, I couldn’t provide any debug output…
For anyone else who stumbles on this: the items are applied alphabetically. The order in Terraform has to reflect this, or the plan will show changes every time and the apply will attempt to apply it every time.
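A pipeline lint for the ordering rule in the comment above, added here as an example and not taken from the issue or the provider: it flags any action_parameters block whose headers blocks are not declared in alphabetical order, so the perpetual diff is caught before plan. The function names and the sample header names are constructed, and "alphabetically" is assumed to mean plain string order.

```python
import re

# Constructed sample: same shape as the ruleset above, header names made up and out of order.
SAMPLE_TF = '''
resource "cloudflare_ruleset" "transform_uri_remove_headers" {
  rules {
    action_parameters {
      headers {
        name      = "x-powered-by"
        operation = "remove"
      }
      headers {
        name      = "server"
        operation = "remove"
      }
    }
  }
}
'''

def block_body(text, open_brace):
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces")

def misordered_headers(tf_text):
    """Return (declared, sorted) name lists for each action_parameters block out of order."""
    findings = []
    for ap in re.finditer(r"\baction_parameters\s*\{", tf_text):
        body = block_body(tf_text, ap.end() - 1)
        names = []
        for h in re.finditer(r"\bheaders\s*\{", body):
            m = re.search(r'\bname\s*=\s*"([^"]*)"', block_body(body, h.end() - 1))
            if m:
                names.append(m.group(1))
        # Assumption: "alphabetically" means plain string order; adjust the key if it does not.
        if names != sorted(names):
            findings.append((names, sorted(names)))
    return findings

for declared, expected in misordered_headers(SAMPLE_TF):
    print("reorder headers blocks:", declared, "->", expected)
```

The lint reads literal headers blocks only; a dynamic "headers" block is skipped and needs its for_each input checked instead.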
- Ask Tucker for permission
Page Rules
Conclusion
TODO