Unable to create cloudflare_device_posture_rule of type unique_client_id #2924

Closed
2 tasks done
dmitriydvoryanchuk-chime opened this issue Nov 9, 2023 · 6 comments
Labels
kind/support Categorizes issue or PR as related to user support. workflow/synced

Comments

dmitriydvoryanchuk-chime commented Nov 9, 2023

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform: 1.5.2
Provider: 4.18.0

Affected resource(s)

cloudflare_device_posture_rule

Terraform configuration files

resource "cloudflare_device_posture_rule" "clientid_android" {
  account_id  = local.cloudflare_account_id
  name        = "Platform-Android"
  type        = "unique_client_id"
  description = "Device posture rule for Android"

  match {
    platform = "android"
  }
}

Link to debug output

https://gist.github.com/dmitriydvoryanchuk-chime/6647171fd11d322d7c91a5ca092e2df6

Panic output

No response

Expected output

resource "cloudflare_device_posture_rule" "clientid_android" {
        account_id  = ""
        description = "Device posture rule for Android"
        id          = "156cd047-3eeb-404f-98fa-0a83ce8d9b47"
        name        = "Platform-Android"
        schedule    = "5m"
        type        = "unique_client_id"

        input { }

        match {
            platform = "android"
        }
    }

Actual output

Error: error updating Device Posture Rule for account "": Error: Missing rule input 156cd047-3eeb-404f-98fa-0a83ce8d9b47:Platform-Android:unique_client_id (6021)
│ 
│   with cloudflare_device_posture_rule.clientid_android,
│   on posture.tf line 29, in resource "cloudflare_device_posture_rule" "clientid_android":
│   29: resource "cloudflare_device_posture_rule" "clientid_android" {

Steps to reproduce

  1. Attempt to create resource as outlined in the example configuration above.
  2. Specify platform in match block as "android" or "ios"
  3. Optionally, attempt to import existing rule created via the UI/API and include the input block.
  4. Optionally, attempt to create resource with empty input block.

Additional factoids

The API GET output for /accounts/{account_id}/devices/posture is:

{
            "input": {},
            "match": [
                {
                    "platform": "android"
                }
            ],
            "schedule": "5m",
            "id": "156cd047-3eeb-404f-98fa-0a83ce8d9b47",
            "type": "unique_client_id",
            "description": "",
            "name": "Android",
            "expiration": null
}

The output for an import attempt of an existing resource created via the UI is:

resource "cloudflare_device_posture_rule" "clientid_android" {
        account_id  = ""
        description = "Device posture rule for Android"
        id          = "156cd047-3eeb-404f-98fa-0a83ce8d9b47"
        name        = "Platform-Android"
        schedule    = "5m"
        type        = "unique_client_id"

        input {
            active_threats = 0
            check_disks    = []
            enabled        = false
            exists         = false
            infected       = false
            is_active      = false
            require_all    = false
            running        = false
            total_score    = 0
        }

        match {
            platform = "android"
        }
    }

Specifying either set in the configuration still causes the same error as not specifying input at all.

References

https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/device_posture_rule

@dmitriydvoryanchuk-chime dmitriydvoryanchuk-chime added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 9, 2023

@github-actions github-actions bot added triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. labels Nov 9, 2023
@jacobbednarz
Member

the debug logs are showing the account_id parameter missing.

POST /client/v4/accounts//devices/posture HTTP/1.1

looks like your variable reference is incorrect/missing.

@jacobbednarz jacobbednarz added workflow/pending-op-response Indicates an issue or PR requires a response from the original poster. and removed triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. labels Nov 9, 2023
@github-actions github-actions bot added the triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. label Nov 9, 2023
@dmitriydvoryanchuk-chime
Author

> the debug logs are showing the account_id parameter missing.
>
> POST /client/v4/accounts//devices/posture HTTP/1.1
>
> looks like your variable reference is incorrect/missing.

@jacobbednarz I manually redacted it for reasons of paranoia - happy to provide it if you need it

@jacobbednarz
Member

right - they are fine to leave in, they aren't sensitive. even if someone was to get one, there isn't anything they can do with it. can you pop it back into your logs and i'll get this to the service team to look at.

@dmitriydvoryanchuk-chime
Author

> right - they are fine to leave in, they aren't sensitive. even if someone was to get one, there isn't anything they can do with it. can you pop it back into your logs and i'll get this to the service team to look at.

Done, thanks!!

@jacobbednarz jacobbednarz added triage/accepted Indicates an issue or PR is ready to be actively worked on. service/zero_trust_devices Categorizes issue or PR as related to the Zero Trust Devices service. and removed workflow/pending-op-response Indicates an issue or PR requires a response from the original poster. labels Nov 10, 2023
@TylerStanish
Contributor

When creating a posture rule of this type, a list ID should be passed into the input field like so

resource "cloudflare_device_posture_rule" "clientid_android" {
  account_id  = ""
  name        = "Platform-Android"
  type        = "unique_client_id"
  description = "Device posture rule for Android"

  match {
    platform = "android"
  }

  input {
    id = "869a8a7c-bb64-4495-ab86-4a7e953f2736"
  }
}

@jacobbednarz jacobbednarz added kind/support Categorizes issue or PR as related to user support. and removed kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. triage/accepted Indicates an issue or PR is ready to be actively worked on. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. service/zero_trust_devices Categorizes issue or PR as related to the Zero Trust Devices service. labels Nov 28, 2023
@jacobbednarz jacobbednarz closed this as not planned Won't fix, can't repro, duplicate, stale Nov 28, 2023
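
The resolution above, written so that both failure modes from this thread (an empty account ID and a missing list ID in `input`) are caught at plan time rather than by the API. This is an added example, not code from the issue or from the provider project; the variable names `cloudflare_account_id` and `client_id_list_id`, the resource label `client_id`, and the two format patterns (32 hex characters for the account ID, a UUID for the list ID as in the ID quoted in the thread) are assumptions.

```hcl
# Added example; variable names and format checks are assumptions, not from the issue.
variable "cloudflare_account_id" {
  type        = string
  description = "Cloudflare account ID the posture rules belong to."

  validation {
    # An empty value yields the /accounts//devices/posture request path seen in the thread.
    condition     = can(regex("^[0-9a-f]{32}$", var.cloudflare_account_id))
    error_message = "The cloudflare_account_id value must be a 32-character lowercase hex string."
  }
}

variable "client_id_list_id" {
  type        = string
  description = "ID of the existing list that the unique_client_id rule checks against."

  validation {
    # Assumes list IDs are UUIDs, like the one quoted in the thread.
    condition     = can(regex("^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", var.client_id_list_id))
    error_message = "The client_id_list_id value must be a UUID. A missing rule input is rejected with error 6021."
  }
}

# One rule per mobile platform named in the reproduction steps.
resource "cloudflare_device_posture_rule" "client_id" {
  for_each = toset(["android", "ios"])

  account_id  = var.cloudflare_account_id
  name        = "Platform-${each.key}"
  type        = "unique_client_id"
  description = "Device posture rule for ${each.key}"

  match {
    platform = each.key
  }

  # Required for this rule type: the list ID goes in input.id.
  input {
    id = var.client_id_list_id
  }
}
```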