cloudflare_list_item reports <unknown> issue but creates wildcard records

[grh303]

Confirmation

• This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
• I have searched the issue tracker and my issue isn't already found.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.9.6
on darwin_arm64

• provider registry.terraform.io/cloudflare/cloudflare v4.43.0

Affected resource(s)

cloudflare_list_item

Terraform configuration files

### tfvars
account_id = "XXX"

test_tenant_domains = [
  "test.bg",
  "test.cz",
]

test_tenant_wide_subdomains = [
  "*.demo",
  "*.dev",
]

test_individual_subdomains = [
  "test.test.bg",
  "test2.test.cz",
]

#### vars
variable "account_id" {}
variable "test_tenant_domains" {}
variable "test_tenant_wide_subdomains" {}
variable "test_individual_subdomains" {}

### resources
resource "cloudflare_list" "test_list" {
  account_id  = var.account_id
  name        = "test_domains"
  description = "list of all test domains"
  kind        = "hostname"
}

resource "cloudflare_list_item" "test_list_hostname" {
  for_each = toset(concat([for x in setproduct(var.test_tenant_wide_subdomains,var.test_tenant_domains) : join(".", x)], var.test_individual_subdomains))
  account_id = cloudflare_list.test_list.account_id
  list_id    = cloudflare_list.test_list.id
  hostname {
    url_hostname = each.key
  }
}

Link to debug output

https://gist.github.com/grh303/2c947a33739af94f05729a68d18e61af

Panic output

No response

Expected output

there shouldn't be any error - records with asterisk are created on CF side, but tained in a state file

Actual output

cloudflare_list_item.test_list_hostname["*.dev.test.bg"]: Creating...
cloudflare_list_item.test_list_hostname["*.dev.test.cz"]: Creating...
cloudflare_list_item.test_list_hostname["test2.test.cz"]: Creating...
cloudflare_list_item.test_list_hostname["*.demo.test.cz"]: Creating...
cloudflare_list_item.test_list_hostname["*.demo.test.bg"]: Creating...
cloudflare_list_item.test_list_hostname["test.test.bg"]: Creating...
cloudflare_list_item.test_list_hostname["test.test.bg"]: Creation complete after 7s [id=7ab76d57a11149dab7b832798363f1d2]
cloudflare_list_item.test_list_hostname["test2.test.cz"]: Creation complete after 7s [id=9ad8c0f66196455b96abc828f921c2b3]
cloudflare_list_item.test_list_hostname["*.demo.test.bg"]: Still creating... [10s elapsed]
cloudflare_list_item.test_list_hostname["*.dev.test.bg"]: Still creating... [10s elapsed]
cloudflare_list_item.test_list_hostname["*.demo.test.cz"]: Still creating... [10s elapsed]
cloudflare_list_item.test_list_hostname["*.dev.test.cz"]: Still creating... [10s elapsed]
cloudflare_list_item.test_list_hostname["*.dev.test.bg"]: Still creating... [20s elapsed]
╷
│ Error: failed to create list item: <unknown>
│
│   with cloudflare_list_item.test_list_hostname["*.demo.test.bg"],
│   on lists.tf line 40, in resource "cloudflare_list_item" "test_list_hostname":
│   40: resource "cloudflare_list_item" "test_list_hostname" {
│
│ failed to match exactly one list item
╵
╷
│ Error: failed to create list item: <unknown>
│
│   with cloudflare_list_item.test_list_hostname["*.dev.test.cz"],
│   on lists.tf line 40, in resource "cloudflare_list_item" "test_list_hostname":
│   40: resource "cloudflare_list_item" "test_list_hostname" {
│
│ failed to match exactly one list item
╵
╷
│ Error: failed to create list item: <unknown>
│
│   with cloudflare_list_item.test_list_hostname["*.demo.test.cz"],
│   on lists.tf line 40, in resource "cloudflare_list_item" "test_list_hostname":
│   40: resource "cloudflare_list_item" "test_list_hostname" {
│
│ failed to match exactly one list item
╵
╷
│ Error: failed to create list item: <unknown>
│
│   with cloudflare_list_item.test_list_hostname["*.dev.test.bg"],
│   on lists.tf line 40, in resource "cloudflare_list_item" "test_list_hostname":
│   40: resource "cloudflare_list_item" "test_list_hostname" {
│
│ failed to match exactly one list item

Steps to reproduce

copy provided config files (vars, resources, tfvars) and run terraform apply

Additional factoids

records without asterisk don't produce errors

References

No response

[github-actions]

Terraform debug log detected ✅

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions]

Thank you for opening this issue and sorry to hear you're hitting issues. Unfortunately, the reproduction case provided contains HCL dynamic expressions. Examples of these are:

• Conditionals
• For loops
• Dynamic blocks
• Modules and module references

Maintainers don't accept these as reproduction cases since using these constructs and expressions can hold their own logic bugs which are outside of the provider and not able to be diagnosed.

For maintainers to triage this issue, we recommend providing a minimal reproduction test case that is only contains the impacted resources and can be easily reproduced in an isolated environment. Without providing this, maintainers are limited in what support they can provide.

[grh303]

cloudflare_list_item resource doesn't work with asterisk even without HCL dynamic expression

resource "cloudflare_list" "test_list" {
  account_id  = var.account_id
  name        = "test_domains"
  description = "list of all test domains"
  kind        = "hostname"
}

resource "cloudflare_list_item" "test_list_hostname" {
  account_id = cloudflare_list.test_list.account_id
  list_id    = cloudflare_list.test_list.id
  hostname {
    url_hostname = "*.demo.test.bg"
  }
}

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # cloudflare_list_item.test_list_hostname will be created
  + resource "cloudflare_list_item" "test_list_hostname" {
      + account_id = "REDACTED"
      + id         = (known after apply)
      + list_id    = "REDACTED"

      + hostname {
          + url_hostname = "*.demo.test.bg"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

cloudflare_list_item.test_list_hostname: Creating...
cloudflare_list_item.test_list_hostname: Still creating... [10s elapsed]
╷
│ Error: failed to create list item: <unknown>
│
│   with cloudflare_list_item.test_list_hostname,
│   on lists.tf line 39, in resource "cloudflare_list_item" "test_list_hostname":
│   39: resource "cloudflare_list_item" "test_list_hostname" {
│
│ failed to match exactly one list item
╵

[grh303]

tested dynamic items in cloudflare_list

resource "cloudflare_list" "test_list" {
  account_id  = var.account_id
  name        = "test_domains"
  description = "list of all test domains"
  kind        = "hostname"
  dynamic "item" {
    for_each = toset(concat([for x in setproduct(var.test_tenant_wide_subdomains, var.test_tenant_domains) : join(".", x)], var.test_individual_subdomains))
    content {
      value {
        hostname {
          url_hostname = item.key
        }
      }
    }
  }
}

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # cloudflare_list.test_list will be created
  + resource "cloudflare_list" "test_list" {
      + account_id  = "a677adc7dcfb99a3e2c1b4517cbf3f8e"
      + description = "list of all test domains"
      + id          = (known after apply)
      + kind        = "hostname"
      + name        = "test_domains"

      + item {
          + value {
              + hostname {
                  + url_hostname = "*.demo.test.bg"
                }
            }
        }
      + item {
          + value {
              + hostname {
                  + url_hostname = "test.test.bg"
                }
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

cloudflare_list.test_list: Creating...
cloudflare_list.test_list: Creation complete after 5s [id=fb02834ecdc74ed283536a3c2329b9f8]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

but this approach has other issues - removes and adds back values (like #3025 )

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # cloudflare_list.test_list will be updated in-place
  ~ resource "cloudflare_list" "test_list" {
        id          = "fb02834ecdc74ed283536a3c2329b9f8"
        name        = "test_domains"
        # (3 unchanged attributes hidden)

      - item {
          - value {
              - asn = 0 -> null

              - hostname {
                  - url_hostname = "*.demo.test.bg" -> null
                }
            }
        }
      - item {
          - value {
              - asn = 0 -> null

              - hostname {
                  - url_hostname = "test.test.bg" -> null
                }
            }
        }
      + item {
          + value {
              + hostname {
                  + url_hostname = "*.demo.test.cz"
                }
            }
        }
      + item {
          + value {
              + hostname {
                  + url_hostname = "*.demo.test.bg"
                }
            }
        }
      + item {
          + value {
              + hostname {
                  + url_hostname = "test.test.bg"
                }
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

[grh303]

do you need anything else from me?

[github-actions]

Marking this issue as stale due to 30 days of inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed. Maintainers can also remove the lifecycle/stale label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions]

This issue was closed because it has been stalled for 7 days with no activity.