access.api.error.invalid_cors_methods

[danielepolencic]

Terraform Version

0.12.26

Affected Resource(s)

cloudflare_access_application

Terraform Configuration Files

resource "cloudflare_access_application" "app" {
  zone_id          = var.zone_id
  name             = var.name
  domain           = var.domain
  session_duration = var.session_duration

  cors_headers {
    allow_all_origins = true
  }
}

Debug Output

error updating Access Application for zone "1c8aa7a276a84ade2b31664f7d3a8feb": error from makeRequest: HTTP status 400: content "{/n  /"result/": null,/n  /"success/": false,/n  /"errors/": [/n    {/n      /"code/": 12057,/n      /"message/": /"access.api.error.invalid_cors_methods/"/n    }/n  ],/n  /"messages/": []/n}/n"

I tried with the provider on 2.10.1 and 2.9.0. Same error (actually worse errors with 2.10.1).

[jacobbednarz]

Are you defining the allowed methods anywhere? If you're setting the allowed origins, you need methods to accompany it.

[jacobbednarz]

I was able to replicate your issue and the cause is that the CORS methods are missing. You can solve this by either adding the single allowed_methods or allow all methods using allow_all_methods = true.

[danielepolencic]

allow_all_methods = true does not work for me as I get more cryptic errors:

rpc error: code = Canceled desc = context canceled
rpc error: code = Unavailable desc = transport is closing

[jacobbednarz]

Can you please run it again with TF_LOG=DEBUG and redact any sensitive information?

FWIW, here is my working test case.

variable "cloudflare_email" {}
variable "cloudflare_api_key" {}
variable "cloudflare_zone_id" {}
variable "cloudflare_domain" {}

provider "cloudflare" {
  email   = var.cloudflare_email
  api_key = var.cloudflare_api_key
}

resource "cloudflare_access_application" "app" {
  zone_id          = var.cloudflare_zone_id
  name             = "test"
  domain           = var.cloudflare_domain
  session_duration = "24h"

  cors_headers {
    allow_all_origins = true
    allow_all_methods = true
  }
}

[danielepolencic]

I thought the problem was my account so I raised an issue with CF.
Today I parsed the (long) log output from TF_LOG again and noticed this:

 runtime error: invalid memory address or nil pointer dereference
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: [signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0x19fd2a3]
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: goroutine 186 [running]:
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: github.com/cloudflare/terraform-provider-cloudflare/cloudflare.convertCORSStructToSchema(0xc000468850, 0x0, 0xc, 0x1b0db80, 0xc0004d5160)
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	github.com/cloudflare/terraform-provider-cloudflare/cloudflare/resource_cloudflare_access_application.go:298 +0x63
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: github.com/cloudflare/terraform-provider-cloudflare/cloudflare.resourceCloudflareAccessApplicationRead(0xc000468850, 0x1cd7980, 0xc0002a60c0, 0xc000468850, 0x0)
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	github.com/cloudflare/terraform-provider-cloudflare/cloudflare/resource_cloudflare_access_application.go:180 +0x6b4
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc0000a0cf0, 0xc00055c1e0, 0x1cd7980, 0xc0002a60c0, 0xc00000eac0, 0x0, 0x0)
2020-09-01T10:18:58.285+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	github.com/hashicorp/terraform-plugin-sdk@v1.15.0/helper/schema/resource.go:460 +0x129
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ReadResource(0xc00064c038, 0x1e749a0, 0xc0004c0240, 0xc0003663c0, 0xc00064c038, 0xc0004c0240, 0xc000890b78)
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	github.com/hashicorp/terraform-plugin-sdk@v1.15.0/internal/helper/plugin/grpc_provider.go:525 +0x3dd
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ReadResource_Handler(0x1c9eca0, 0xc00064c038, 0x1e749a0, 0xc0004c0240, 0xc000366360, 0x0, 0x1e749a0, 0xc0004c0240, 0xc0008921e0, 0x1d5)
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	github.com/hashicorp/terraform-plugin-sdk@v1.15.0/internal/tfplugin5/tfplugin5.pb.go:3269 +0x214
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: google.golang.org/grpc.(*Server).processUnaryRPC(0xc00036ad80, 0x1e7e220, 0xc000642c00, 0xc0006d8000, 0xc000362900, 0x244ced0, 0x0, 0x0, 0x0)
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	google.golang.org/grpc@v1.27.1/server.go:1024 +0x522
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: google.golang.org/grpc.(*Server).handleStream(0xc00036ad80, 0x1e7e220, 0xc000642c00, 0xc0006d8000, 0x0)
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	google.golang.org/grpc@v1.27.1/server.go:1313 +0xd34
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc000096030, 0xc00036ad80, 0x1e7e220, 0xc000642c00, 0xc0006d8000)
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	google.golang.org/grpc@v1.27.1/server.go:722 +0xa5
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: created by google.golang.org/grpc.(*Server).serveStreams.func1
2020-09-01T10:18:58.287+0800 [DEBUG] plugin.terraform-provider-cloudflare_v2.10.1: 	google.golang.org/grpc@v1.27.1/server.go:720 +0xa5
2020-09-01T10:18:58.294+0800 [DEBUG] plugin: plugin process exited: path=/Users/pole/Sites/lms/terraform/infra/.terraform/plugins/darwin_amd64/terraform-provider-cloudflare_v2.10.1 pid=47196 error="exit status 2"

I think my state is messed up too now because I'm unable to run the plugin again even if I remove all CF resource blocks.

Edit: The example above works with a separate new tf file.

[jacobbednarz]

Can you paste the resource from the state file? We might be able to help munge it back to a workable state.

[danielepolencic]

I can confirm that fiddling with the state fixes it.

The original object caused a nil point deference with:

    {
      "module": "xxxx",
      "mode": "managed",
      "type": "cloudflare_access_application",
      "name": "app",
      "provider": "provider.cloudflare",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "allowed_idps": [],
            "aud": "xxxx",
            "auto_redirect_to_identity": false,
            "cors_headers": [
              {
                "allow_all_headers": false,
                "allow_all_methods": false,
                "allow_all_origins": true,
                "allow_credentials": false,
                "allowed_headers": null,
                "allowed_methods": null,
                "allowed_origins": null,
                "max_age": 0
              }
            ],
            "domain": "xxxx",
            "id": "xxxxx",
            "name": "xxxx",
            "session_duration": "24h",
            "zone_id": "xxxxxx"
          },
          "private": "xxxx"
        }
      ]
    },

I changed the instances[0].cors_headers to [] and that did the trick. Do you want me to raise this as a separate issue?

[jacobbednarz]

We don't need another issue; I can dig into getting into this situation and then ensuring we can recover a bit better. Thanks for the resources and I'm glad you were about to get it back working.

[jacobbednarz]

@danielepolencic I've pushed up a validation fix for this one via #793. Would you mind taking a look and letting me know if that works for you?