cloudflare_zero_trust_gateway_policy traffic option rule keeps changing and if you change it to what is shown it's uneditable within console #4672

Open
3 tasks done
pcanham opened this issue Nov 27, 2024 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug. service/access Categorizes issue or PR as related to the Access service. triage/accepted Indicates an issue or PR is ready to be actively worked on. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. workflow/synced

pcanham commented Nov 27, 2024

Confirmation

  • This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
  • I have searched the issue tracker and my issue isn't already found.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.9.8
on darwin_arm64
+ provider registry.terraform.io/cloudflare/cloudflare v4.47.0

Affected resource(s)

cloudflare_zero_trust_gateway_policy

Terraform configuration files

resource "cloudflare_zero_trust_gateway_policy" "http_bypass_app_devtooling00" {
  account_id  = var.cloudflare_account_id
  action      = "off"
  description = "BUG REPORT 00 - Do not inspect"
  enabled     = true
  filters     = ["http"]
  name        = "BUG REPORT 00 - Development Tooling"
  precedence  = 999991
  traffic     = "any(app.ids[*] in {536 687 1238})"
  rule_settings {
    block_page_enabled                 = false
    insecure_disable_dnssec_validation = false
    ip_categories                      = false
    notification_settings {
      enabled = false
    }
  }
}

Link to debug output

https://gist.github.com/pcanham/14d7ed662eabc1419c3202e81c4f3bf4

Panic output

No response

Expected output

No Changes shown

Actual output

  # cloudflare_zero_trust_gateway_policy.http_bypass_app_devtooling00 will be updated in-place
  ~ resource "cloudflare_zero_trust_gateway_policy" "http_bypass_app_devtooling00" {
        id             = "4ff379e7-1d7c-474f-99c6-c8b3b3afd360"
        name           = "BUG REPORT 00 - Development Tooling"
      ~ traffic        = "any(app.hosts_ids[*] in {536 687 1238})" -> "any(app.ids[*] in {536 687 1238})"
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Steps to reproduce

Code to reproduce can be found here

https://github.com/pcanham/tf-cloudflare-one/tree/main

Additional factoids

If you change the Traffic code to the one which Terraform says in-place, when you go into the Cloudflare console, it shows the rules as unable to edit.

image

When you hover over the WARN it says

image

References

No response

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.
