Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to create cloudflare_tunnel_config with warp_routing enabled #2920

Closed
2 tasks done
dmitriydvoryanchuk-chime opened this issue Nov 8, 2023 · 7 comments · Fixed by #3327
Closed
2 tasks done

Unable to create cloudflare_tunnel_config with warp_routing enabled #2920

dmitriydvoryanchuk-chime opened this issue Nov 8, 2023 · 7 comments · Fixed by #3327
Labels
kind/bug Categorizes issue or PR as related to a bug. service/tunnel Categorizes issue or PR as related to the Tunnel service. triage/accepted Indicates an issue or PR is ready to be actively worked on. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. workflow/synced
Milestone
v4.34.0

Comments

@dmitriydvoryanchuk-chime
Copy link

dmitriydvoryanchuk-chime commented Nov 8, 2023
edited
Loading

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform: 1.5.2
Provider: 4.18.0

Affected resource(s)

cloudflare_tunnel
cloudflare_tunnel_config

Terraform configuration files

resource "cloudflare_tunnel_config" "aws_vpc_it_prod" {
  account_id = "id"
  tunnel_id  = cloudflare_tunnel.aws_vpc_it_prod.id
  config {
    warp_routing {
      enabled = true
    }
}

Link to debug output

https://gist.github.com/dmitriydvoryanchuk-chime/e6e12336ea0cba8a13122e1d5b5a45a0

Panic output

No response

Expected output

cloudflare_tunnel_config should be created

Actual output


│ Error: Insufficient ingress_rule blocks

│ on cfd_tunnels.tf line 41, in resource "cloudflare_tunnel_config" "aws_vpc_it":
│ 41: config {

│ At least 1 "ingress_rule" blocks are required.

Steps to reproduce

  1. Create cloudflare_tunnel
  2. Attempt to create corresponding cloudflare_tunnel_config with configuration specified above.
  3. Create fails due to ingress_rule block being required.
  4. Specifying a required ingress_rule block with the minimum service parameter set as blank will crash the provider.
  5. Specifying ingress_rule with a dummy service parameter (such as https://localhost:80) causes warp_routing config to flip to false
  6. Not specifying cloudflare_tunnel_config at all does not set warp_routing to true.

Additional factoids

We are trying to create a cloudflared tunnel with warp routing enabled. With the way the provider is currently implemented, it is not possible to do so. If the tunnel is created using the UI/dashboard, the API GET output for the tunnel configuration is:
"config": { "warp-routing": { "enabled": true } }, "source": "cloudflare" which is what is desired.

Running an import on a tunnel created using the UI does not import an ingress_rule block and will fail to create the resource.
Although this is working exactly as implemented, our required configuration is not supported.

References

#2916
https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/tunnel_config#nested-schema-for-config
@dmitriydvoryanchuk-chime dmitriydvoryanchuk-chime added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 8, 2023
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 8, 2023
edited
Loading

Terraform debug log detected ✅

@github-actions github-actions bot added the triage/needs-information Indicates an issue needs more information in order to work on it. label Nov 8, 2023
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 8, 2023

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot removed the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Nov 8, 2023
@jacobbednarz
Copy link
Member

can you include the TF_LOG=DEBUG output on that gist? once that is there, this is ready for triage.

@dmitriydvoryanchuk-chime
Copy link
Author

can you include the TF_LOG=DEBUG output on that gist? once that is there, this is ready for triage.

@jacobbednarz Updated with debug output, thanks!

@jacobbednarz jacobbednarz added triage/accepted Indicates an issue or PR is ready to be actively worked on. service/tunnel Categorizes issue or PR as related to the Tunnel service. and removed triage/needs-information Indicates an issue needs more information in order to work on it. labels Nov 8, 2023
@github-actions github-actions bot added triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. workflow/synced labels Nov 9, 2023
@tpickett66
Copy link

I ran into this today and originally thought it was a bug. After working through a solution I realized the default configuration generated by the UI does include a default ingress rule pointing at http_status:503 I was able to replicate this using the resource:

resource "cloudflare_tunnel_config" "conf" {
  account_id = var.cloudflare_account_id
  tunnel_id  = cloudflare_tunnel.tunnel.id

  config {
    ingress_rule {
      service = "http_status:503"
    }
    warp_routing {
      enabled = true
    }
  }
}

@dmitriydvoryanchuk-chime
Copy link
Author

I ran into this today and originally thought it was a bug. After working through a solution I realized the default configuration generated by the UI does include a default ingress rule pointing at http_status:503 I was able to replicate this using the resource:

resource "cloudflare_tunnel_config" "conf" {
  account_id = var.cloudflare_account_id
  tunnel_id  = cloudflare_tunnel.tunnel.id

  config {
    ingress_rule {
      service = "http_status:503"
    }
    warp_routing {
      enabled = true
    }
  }
}

@tpickett66 Brilliant, thank you for tracking this down. Looks like this is working for us now, so all CF should have to do is update their provider doc.

@josip-stanic josip-stanic mentioned this issue May 24, 2024
Merged
@github-actions github-actions bot added this to the v4.34.0 milestone May 27, 2024
@github-actions GitHub Actions
Copy link
Contributor

This functionality has been released in v4.34.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. service/tunnel Categorizes issue or PR as related to the Tunnel service. triage/accepted Indicates an issue or PR is ready to be actively worked on. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. workflow/synced
Projects
None yet
Milestone
v4.34.0
3 participants
@tpickett66 @jacobbednarz @dmitriydvoryanchuk-chime