origin_request block on wrong level in cloudflare_tunnel_config

[melvyndekort]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

It seems that the origin_request block on the cloudflare_tunnel_config is at the wrong level. It should not be on the config level, but on the ingress_rule level. The current level doesn't work and has to be configured manually in the UI to get it working.

Affected resource(s)

cloudflare_tunnel_config

Terraform configuration files

resource "cloudflare_tunnel_config" "example" {
  account_id = "123456"
  tunnel_id  = cloudflare_tunnel.mytunnel.id

  config {
    origin_request {
      no_tls_verify = true
    }

    ingress_rule {
      service  = "https://localhost:80"
      hostname = "example.example.com"
    }
  }
}

Link to debug output

• output.log

Panic output

No response

Expected output

I expect the no_tls_verify to get configured on the example.example.com hostname

Actual output

no_tls_verify doesn't get configured anywhere

Steps to reproduce

Configure an origin_request block on a cloudflare_tunnel_config resource.

Additional factoids

No response

References

No response

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[melvyndekort]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

I've added a link to the output

[boris]

Having the same issue with the following code:

resource "cloudflare_tunnel_config" "config" {
  account_id = var.account_id
  tunnel_id  = cloudflare_tunnel.home.id

  config {
    origin_request {
      connect_timeout          = "30s"
      disable_chunked_encoding = false
      keep_alive_connections   = 100
      keep_alive_timeout       = "1m30s"
      no_happy_eyeballs        = false
      no_tls_verify            = true
      proxy_address            = "127.0.0.1"
      proxy_port               = 0
      tcp_keep_alive           = "30s"
      tls_timeout              = "10s"
    }
    ingress_rule {
      hostname = "test.example.com"
      service  = "https://localhost"
    }
    ingress_rule {
      service = "http_status:404"
    }
  }
}

When running terraform plan, I got the following:

Terraform will perform the following actions:

  # cloudflare_tunnel_config.config will be updated in-place
  ~ resource "cloudflare_tunnel_config" "config" {
        id         = "88834c11-ef5e-438a-b983-78589acd0aa3"
        # (2 unchanged attributes hidden)

      ~ config {

          + origin_request {
              + connect_timeout          = "30s"
              + disable_chunked_encoding = false
              + keep_alive_connections   = 100
              + keep_alive_timeout       = "1m30s"
              + no_happy_eyeballs        = false
              + no_tls_verify            = true
              + proxy_address            = "127.0.0.1"
              + proxy_port               = 0
              + tcp_keep_alive           = "30s"
              + tls_timeout              = "10s"
            }

            # (2 unchanged blocks hidden)
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Which is expected, but after running terraform apply the changes above are not configured in the tunnel. When running the same command using TF_LOG=DEBUG the relevant bits are the same as the output.log uploaded by @melvyndekort.

[jacobbednarz]

duplicate of #2072