cloudflare_certificate_pack doesn't notice when the resource is deleted from the UI #2461

Closed
2 tasks done
evanrappe opened this issue May 22, 2023 · 6 comments · Fixed by #2497
Labels
kind/bug Categorizes issue or PR as related to a bug. service/tls Categorizes issue or PR as related to the TLS services. triage/accepted Indicates an issue or PR is ready to be actively worked on. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. workflow/synced

@evanrappe

evanrappe commented May 22, 2023

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.4.6
on darwin_amd64

  • provider registry.terraform.io/cloudflare/cloudflare v4.6.0

Affected resource(s)

cloudflare_certificate_pack

Terraform configuration files

data "cloudflare_zone" "zone" {
  name       = "foo.com"
  account_id = "123456789"
}

resource "cloudflare_certificate_pack" "advanced_edge_cert" {
  zone_id               = data.cloudflare_zone.zone.id
  type                  = "advanced"
  hosts                 = ["*.foo.com", "foo.com"]
  validation_method     = "txt"
  validity_days         = 14
  certificate_authority = "digicert"
}

Link to debug output

https://gist.github.com/evanrappe/b7a804bb885169722c6af9d319e0fd43

Panic output

No response

Expected output

I'd expect Terraform to notice that the cert pack was deleted and attempt to recreate it.

Actual output

No changes. Your infrastructure matches the configuration.

Steps to reproduce

  1. Create a cert pack via TF like above
  2. Delete it from the Cloudflare UI
  3. Apply TF again, there will be no changes

Additional factoids

  • When I pull all Cert Packs from the API with List Certificate Packs, the cert pack in question (and still in the state) is not listed, only the active ones that you can see in the console.
  • When I hit the API for Get Certificate Pack using the ID of the resource in the state, it returns output like I've pasted below, note the deleted status.
{
  "result": {
    "id": "CERT-PACK-ID-FROM-TF-STATE",
    "type": "advanced",
    "hosts": [
      "foo.com",
      "*.foo.com"
    ],
    "primary_certificate": "*******",
    "status": "deleted",
    "certificates": [
      {
        "id": "SAME_AS_primary_certificate",
        "hosts": [
          "foo.com",
          "*.foo.com"
        ],
        "issuer": "CloudflareInc",
        "signature": "SHA256WithRSA",
        "status": "deleted",
        "bundle_method": "ubiquitous",
        "zone_id": "zoneID",
        "uploaded_on": "2023-05-22T16:30:34.033873Z",
        "modified_on": "2023-05-09T02:30:02.411988Z",
        "expires_on": "2023-05-20T23:59:59.000000Z",
        "priority": null
      },
      {
        "id": "********",
        "hosts": [
            "foo.com",
            "*.foo.com"
        ],
        "issuer": "CloudflareInc",
        "signature": "ECDSAWithSHA256",
        "status": "deleted",
        "bundle_method": "ubiquitous",
        "zone_id": "zoneID",
        "uploaded_on": "2023-05-22T16:30:34.033901Z",
        "modified_on": "2023-05-09T02:30:02.411988Z",
        "expires_on": "2023-05-20T23:59:59.000000Z",
        "priority": null
      }
    ],
    "created_on": "2023-03-08T14:05:27.550143Z",
    "validity_days": 14,
    "validation_method": "txt",
    "certificate_authority": "digicert"
  },
  "success": true,
  "errors": [],
  "messages": []
}

References

No response

@evanrappe evanrappe added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 22, 2023
@github-actions

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions

github-actions bot commented May 22, 2023

Terraform debug log detected ✅

@github-actions github-actions bot added triage/needs-information Indicates an issue needs more information in order to work on it. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 22, 2023
@evanrappe
Author

I see the above request for debug output but I don't really have anything to provide since I'm not getting an error. Let me know if there's more info I can provide, but it seems that the main issue here is that the provider is not accounting for things in a deleted state.

@jacobbednarz
Member

The debug log would be helpful here to make sure you are in fact getting the correct response. I would expect the request to return a 404 (which we can catch) but do want to confirm that before we add it here.
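
The condition discussed in this thread, as an added example that is not the provider's code or the change in #2497: a refresh check that treats both a 404 and an HTTP 200 whose body reports status "deleted" as a missing certificate pack. The helper name `packIsGone`, the trimmed sample bodies and the "active" status value are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// certPackEnvelope keeps only the fields of the Get Certificate Pack
// response quoted in the issue that matter for drift detection.
type certPackEnvelope struct {
	Success bool `json:"success"`
	Result  struct {
		ID     string `json:"id"`
		Status string `json:"status"`
	} `json:"result"`
}

// packIsGone (hypothetical helper) reports whether a refresh should drop
// the pack from state: a 404, or HTTP 200 with status "deleted".
func packIsGone(httpStatus int, body []byte) (bool, error) {
	if httpStatus == http.StatusNotFound {
		return true, nil
	}
	if httpStatus != http.StatusOK {
		return false, fmt.Errorf("unexpected HTTP status %d", httpStatus)
	}
	var env certPackEnvelope
	if err := json.Unmarshal(body, &env); err != nil {
		return false, fmt.Errorf("decoding response: %w", err)
	}
	if !env.Success {
		return false, fmt.Errorf("API reported failure for pack %q", env.Result.ID)
	}
	return env.Result.Status == "deleted", nil
}

// Constructed sample bodies, trimmed from the response shape in the issue.
const deletedBody = `{"result":{"id":"CERT-PACK-ID-FROM-TF-STATE","status":"deleted"},"success":true,"errors":[],"messages":[]}`
const activeBody = `{"result":{"id":"CERT-PACK-ID-FROM-TF-STATE","status":"active"},"success":true,"errors":[],"messages":[]}`

func main() {
	for _, body := range []string{deletedBody, activeBody} {
		gone, err := packIsGone(http.StatusOK, []byte(body))
		fmt.Println("gone:", gone, "err:", err)
	}
}
```

Any other HTTP status or an undecodable body returns an error rather than "gone", so a transient API failure does not cause the pack to be dropped from state and recreated.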

@evanrappe
Author

Done, provided apply for a cert being created, then deleted it in the GUI, then provided the subsequent clean plan that should instead have tried to recreate the cert.

@github-actions github-actions bot added triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. and removed triage/needs-information Indicates an issue needs more information in order to work on it. labels May 25, 2023
@jacobbednarz jacobbednarz added triage/accepted Indicates an issue or PR is ready to be actively worked on. service/tls Categorizes issue or PR as related to the TLS services. labels May 26, 2023
@jacobbednarz jacobbednarz added workflow/pending-op-response Indicates an issue or PR requires a response from the original poster. and removed workflow/pending-op-response Indicates an issue or PR requires a response from the original poster. labels Jun 5, 2023
@github-actions github-actions bot added this to the v4.8.0 milestone Jun 5, 2023
@github-actions

This functionality has been released in v4.8.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 14, 2023