Cloudflare Tunnel warp_routing issues - plan need to be applied twice

[calderonth]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

registry.terraform.io/cloudflare/cloudflare v3.34.0

Affected resource(s)

cloudflare_tunnel_config

Terraform configuration files

resource "cloudflare_argo_tunnel" "tunnel" {
  account_id = var.cloudflare_account_id
  name = "test_tunnel"
  secret = "REDACTED"
}

resource "cloudflare_tunnel_config" "tunnel_test" {
  account_id = var.cloudflare_account_id
  tunnel_id = cloudflare_argo_tunnel.tunnel.id

  config {
    ingress_rule {
      service = "http://127.0.0.1:8080"
      hostname = "tunnel.${var.cloudflare_zone}"
    }
    warp_routing {
      enabled = false
    }
  }
}

resource "cloudflare_record" "tunnel_cname" {
  zone_id = var.cloudflare_zone_id
  name = "tunnel"
  value = "${cloudflare_argo_tunnel.tunnel.id}.cfargotunnel.com"
  type = "CNAME"
  proxied = true
}

Link to debug output

https://gist.github.com/calderonth/1eeed1c19592b9c2955bba78d661adf7

Panic output

No response

Expected output

The plan/apply should correctly set the warp_routing values on the first pass.
It sends an empty JSON structure on the first pass which results results in a broken configuration (no data routed throught the tunnel).

Running a second time the apply actually fills out the the warp_routing structure and the tunnel configuration is set accordingly.

Actual output

The plan shows it has applied successfully on the first apply when it hasn't.

Steps to reproduce

1. Adapt the configuration provided
2. Run terraform apply
3. Run terraform plan after and observe that the warp_routing setting still needs applying

Additional factoids

I have also tried to remove the warp_routing section as it is supposed to be optional but that also results in an unusable tunnel when created from TF.

References

No response

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions]

Terraform debug log detected ✅

[calderonth]

I have updated the TF_LOG to point to a full Terraform run.

[jacobbednarz]

this issue is related to sending zero values in Terraform where it cannot differentiate the two in state (hence two runs fix it).

i don't have an ETA on this but we have a larger body of work that is tracking zero values across the provider and i'll note this one against that.

[Ancitik]

Since Cloudflare Enterprise Support redirect to this issue could we have any update please.

Thanks.

[algo7]

Do you happen to have any news on this one?

[obezuk]

This is no longer an issue and can be closed. It has been addressed within the Cloudflare Tunnel's API service.