cloudflare_hyperdrive_config always trying to update #6650
Description
Confirmation
- This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
- I have searched the issue tracker and my issue isn't already found.
- I have replicated my issue using the latest version of the provider and it is still present.
Terraform and Cloudflare provider version
Terraform v1.12.2
on darwin_arm64
+ provider registry.terraform.io/cloudflare/cloudflare v5.15.0
+ provider registry.terraform.io/digitalocean/digitalocean v2.72.0
+ provider registry.terraform.io/hashicorp/aws v6.28.0
+ provider registry.terraform.io/hashicorp/external v2.3.5
+ provider registry.terraform.io/hashicorp/random v3.7.2
+ provider registry.terraform.io/hashicorp/time v0.13.1
Affected resource(s)
cloudflare_hyperdrive_config
Terraform configuration files
resource "cloudflare_hyperdrive_config" "hyperdrive" {
account_id = local.cloudflare_account_id
name = "hyperdrive-${local.cfg.product}-${local.cfg.env}"
origin = {
scheme = "postgres"
host = local.hyperdrive_hostname
database = aws_db_instance.database.db_name
user = jsondecode(aws_secretsmanager_secret_version.hyperdrive_database_credentials.secret_string)["username"]
password = jsondecode(aws_secretsmanager_secret_version.hyperdrive_database_credentials.secret_string)["password"]
access_client_id = cloudflare_zero_trust_access_service_token.hyperdrive.client_id
access_client_secret = cloudflare_zero_trust_access_service_token.hyperdrive.client_secret
}
depends_on = [
cloudflare_zero_trust_tunnel_cloudflared_config.hyperdrive,
cloudflare_zero_trust_access_application.hyperdrive,
cloudflare_dns_record.hyperdrive
]
}Link to debug output
https://gist.github.com/oeed/c56077df73e48f1d87c0f42afaaf6de8
Panic output
No response
Expected output
No changes required, the exact infra has already been applied.
Actual output
Default values caching, mtls and origin_connection_limit keep trying to reapply, setting them to the values in the shown change stop the fighting, but the default values should not try to reapply each time.
Likewise, origin.access_client_secret and origin.password also keep trying to reapply, but if you add these to ignore_changes the request fails:
│ Error: failed to make http request
│
│ with cloudflare_hyperdrive_config.hyperdrive,
│ on hyperdrive.tf line 150, in resource "cloudflare_hyperdrive_config" "hyperdrive":
│ 150: resource "cloudflare_hyperdrive_config" "hyperdrive" {
│
│ PUT
│ "https://api.cloudflare.com/client/v4/accounts/68269213430c9dd6ca04acbac135752f/hyperdrive/configs/7ff507ae44444fa383126f63895d2d9c":
│ 400 Bad Request {
│ "result": null,
│ "success": false,
│ "errors": [
│ {
│ "code": 2007,
│ "message": "Invalid Hyperdrive config: origin: (access_client_secret: both access_client_id and access_client_secret must be set when either is passed; password: cannot be blank.)."
│ }
│ ],
│ "messages": null
│ }
│
Steps to reproduce
- Create a
cloudflare_hyperdrive_configresource, and provide access keys, leaving the noted variables unspecified. - Apply
- Try to apply again, the resource will show as still needing changes
Additional factoids
No response
References
No response