Comments (9)
ruleset rules are not available as a standalone resource
See: cloudflare_firewall_rule; and that's my point. Don't deprecate working functionality until a suitable alternative is in place.
from terraform-provider-cloudflare.
This is also really a bummer for us. It completely breaks building decoupled modules, since you have to put all your rules into a single cloudflare_ruleset
resource.
The new approach is way worse regarding maintainability and makes managing rules way more fragile.
Previously, you could create the firewall rules your module needs inside your module. Now, you have to remember that there's some rule - which is located inside a completely different module - that affects your module, that you need to change when you change something in your module/or change some config via a variable. Like a hostname for example.
Ref #2688, #2907, #2423, #2634
from terraform-provider-cloudflare.
this is intentional and is not a bug. you should not attempt to manage resources in terraform and another source - see https://developers.cloudflare.com/terraform/advanced-topics/best-practices/#manage-terraform-resources-in-terraform. there is no way for terraform to know which are the ones you intend to keep when it comes to ordering or overriding so this is a manual operation.
if you already have some rules defined and the WAF migration is performed, you can use a tool like cf-terraforming to export the entirety of the Ruleset configuration or you can individually resolve the differences.
from terraform-provider-cloudflare.
Community Note
Voting for Prioritization
- Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
- If you are interested in working on this issue, please leave a comment.
- If this would be your first contribution, please review the contribution guide.
from terraform-provider-cloudflare.
Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG
output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key
, X-Auth-Email
and Authorization
HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.
This issue has been marked with triage/needs-information
and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.
from terraform-provider-cloudflare.
Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG
output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key
, X-Auth-Email
and Authorization
HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.
This issue has been marked with triage/needs-information
and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.
from terraform-provider-cloudflare.
Added gist
from terraform-provider-cloudflare.
The resource was a rule, not a rule set. You're moving the goal post and then claiming the approach was wrong.
I'd be fine not using the new resource, but then don't deprecate the old. It's working just fine right now even with the new custom rule backend.
from terraform-provider-cloudflare.
ruleset rules are not available as a standalone resource so we are talking about rulesets as a unified view in this context. there may be a time in the future where rules are manageable individually however, that is not in the foreseeable future so that is the only option today.
from terraform-provider-cloudflare.
Related Issues (20)
- terraform cloudflare_turnstile_widget Error reading challenge widget when offlabel=true HOT 6
- [Enterprise plan] cloudflare_turnstile_widget desactivating offlabel get provider Error HOT 5
- cloudflare_ruleset wrong documentation HOT 5
- Cloudflare_pages_project terraform resource deploy a page after creation HOT 3
- Support for Advanced Rate Limit HOT 2
- Unnecessary diffs for cloudflare_record — broken escaping in API HOT 5
- Cloudflare Images Variants HOT 1
- cloudflare_ruleset rule order not working sync with management console HOT 3
- Error: failed reading email routing destination address HOT 6
- Support for Build Cache of Pages Project HOT 2
- cloudflare_custom_ssl resource times out when its zone does not have an "active" status HOT 5
- Error: failed reading email routing destination address HOT 3
- R2 Object Lifecycle Management HOT 2
- Provider produced inconsistent result after apply (for cloudflare_list_item) HOT 5
- cloudflare_dlp_profile entry.enabled is not resulting in a change HOT 6
- ACM is already supported via [`cloudflare_certificate_pack`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/certificate_pack). you can check the docs for usage and examples. HOT 7
- Make cloudflare_worker_script.cloudflare_worker_script optional HOT 2
- Ability to use the provider without credentials for cloudflare_ip_ranges data source HOT 2
- cloudflare_ruleset for rate_limit does not set the name right HOT 2
- `cloudflare_r2_bucket` produced an unexpected new value HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-cloudflare.