According to the documentation the enabled flag must be set to null (…

…or nil) in order for the association to be destroyed. Setting this to false keeps the association in a disabled state instead of destroying the resource. Documentation on this API endpoint can be found here: https://developers.cloudflare.com/api/operations/per-hostname-authenticated-origin-pull-enable-or-disable-a-hostname-for-client-authentication Referencing issue raised on provider: cloudflare#4648
PhilipSkinner · Nov 22, 2024 · fa512e3 · fa512e3
1 parent e2013d8
commit fa512e3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/.changelog/4649.txt b/.changelog/4649.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/cloudflare_authenticated_origin_pulls: Fix issue where resources are disabled instead of being destroyed on `tf destroy`
+```
diff --git a/internal/sdkv2provider/resource_cloudflare_authenticated_origin_pulls.go b/internal/sdkv2provider/resource_cloudflare_authenticated_origin_pulls.go
@@ -123,7 +123,7 @@ func resourceCloudflareAuthenticatedOriginPullsDelete(ctx context.Context, d *sc
 		conf := []cloudflare.PerHostnameAuthenticatedOriginPullsConfig{{
 			CertID:   aopCert,
 			Hostname: hostname,
-			Enabled:  false,
+			Enabled:  nil,
 		}}
 		_, err := client.EditPerHostnameAuthenticatedOriginPullsConfig(ctx, zoneID, conf)
 		if err != nil {