cloudflare_record does not handle deletion outside of Terraform #1621

Closed
2 tasks done
kierdavis opened this issue May 12, 2022 · 12 comments · Fixed by #1740
Labels
kind/bug Categorizes issue or PR as related to a bug. service/dns Categorizes issue or PR as related to the DNS service. triage/accepted Indicates an issue or PR is ready to be actively worked on.

@kierdavis

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.1.7
on linux_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.14.0

Your version of Terraform is out of date! The latest version
is 1.1.9. You can update by downloading from https://www.terraform.io/downloads.html

Affected resource(s)

  • cloudflare_record

Judging from the issue history, this probably affects other resources too.

Terraform configuration files

terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
      version = ">= 3.14.0"
    }
  }
}

provider "cloudflare" {
  account_id = chomp(file("./account_id"))
}

resource "cloudflare_record" "myhost" {
  zone_id = chomp(file("./zone_id"))
  name = "myhost"
  type = "A"
  value = "12.34.56.78"
  proxied = false
}

Debug output

2022-05-12T06:00:48.418-0500 [INFO]  Terraform version: 1.1.7
2022-05-12T06:00:48.418-0500 [INFO]  Go runtime version: go1.17.8
2022-05-12T06:00:48.418-0500 [INFO]  CLI args: []string{"terraform", "apply", "-no-color"}
2022-05-12T06:00:48.418-0500 [DEBUG] Attempting to open CLI config file: /home/kdavis/.terraformrc
2022-05-12T06:00:48.419-0500 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2022-05-12T06:00:48.419-0500 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2022-05-12T06:00:48.419-0500 [DEBUG] ignoring non-existing provider search directory /home/kdavis/.terraform.d/plugins
2022-05-12T06:00:48.419-0500 [DEBUG] ignoring non-existing provider search directory /home/kdavis/.local/share/terraform/plugins
2022-05-12T06:00:48.419-0500 [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2022-05-12T06:00:48.419-0500 [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2022-05-12T06:00:48.419-0500 [INFO]  CLI command args: []string{"apply", "-no-color"}
2022-05-12T06:00:48.420-0500 [DEBUG] New state was assigned lineage "76aa3e91-9d09-0a28-a923-106afc2ac730"
2022-05-12T06:00:48.482-0500 [DEBUG] checking for provisioner in "."
2022-05-12T06:00:48.489-0500 [DEBUG] checking for provisioner in "/usr/bin"
2022-05-12T06:00:48.490-0500 [INFO]  backend/local: starting Apply operation
2022-05-12T06:00:48.492-0500 [DEBUG] created provider logger: level=debug
2022-05-12T06:00:48.492-0500 [INFO]  provider: configuring client automatic mTLS
2022-05-12T06:00:48.501-0500 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0]
2022-05-12T06:00:48.502-0500 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 pid=22753
2022-05-12T06:00:48.502-0500 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0
2022-05-12T06:00:48.507-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: configuring server automatic mTLS: timestamp=2022-05-12T06:00:48.507-0500
2022-05-12T06:00:48.526-0500 [DEBUG] provider.terraform-provider-cloudflare_v3.14.0: plugin address: address=/tmp/plugin216648483 network=unix timestamp=2022-05-12T06:00:48.525-0500
2022-05-12T06:00:48.526-0500 [DEBUG] provider: using plugin: version=5
2022-05-12T06:00:48.576-0500 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-05-12T06:00:48.576-0500 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 pid=22753
2022-05-12T06:00:48.576-0500 [DEBUG] provider: plugin exited
2022-05-12T06:00:48.577-0500 [DEBUG] Building and walking validate graph
2022-05-12T06:00:48.577-0500 [DEBUG] ProviderTransformer: "cloudflare_record.myhost" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022-05-12T06:00:48.577-0500 [DEBUG] ReferenceTransformer: "cloudflare_record.myhost" references: []
2022-05-12T06:00:48.577-0500 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: []
2022-05-12T06:00:48.578-0500 [DEBUG] Starting graph walk: walkValidate
2022-05-12T06:00:48.578-0500 [DEBUG] created provider logger: level=debug
2022-05-12T06:00:48.578-0500 [INFO]  provider: configuring client automatic mTLS
2022-05-12T06:00:48.587-0500 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0]
2022-05-12T06:00:48.588-0500 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 pid=22762
2022-05-12T06:00:48.588-0500 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0
2022-05-12T06:00:48.593-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: configuring server automatic mTLS: timestamp=2022-05-12T06:00:48.593-0500
2022-05-12T06:00:48.611-0500 [DEBUG] provider.terraform-provider-cloudflare_v3.14.0: plugin address: address=/tmp/plugin2325534775 network=unix timestamp=2022-05-12T06:00:48.611-0500
2022-05-12T06:00:48.611-0500 [DEBUG] provider: using plugin: version=5
2022-05-12T06:00:48.670-0500 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-05-12T06:00:48.671-0500 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 pid=22762
2022-05-12T06:00:48.671-0500 [DEBUG] provider: plugin exited
2022-05-12T06:00:48.672-0500 [INFO]  backend/local: apply calling Plan
2022-05-12T06:00:48.672-0500 [DEBUG] Building and walking plan graph for NormalMode
2022-05-12T06:00:48.672-0500 [DEBUG] ProviderTransformer: "cloudflare_record.myhost (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022-05-12T06:00:48.672-0500 [DEBUG] ReferenceTransformer: "cloudflare_record.myhost (expand)" references: []
2022-05-12T06:00:48.672-0500 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: []
2022-05-12T06:00:48.672-0500 [DEBUG] Starting graph walk: walkPlan
2022-05-12T06:00:48.672-0500 [DEBUG] created provider logger: level=debug
2022-05-12T06:00:48.672-0500 [INFO]  provider: configuring client automatic mTLS
2022-05-12T06:00:48.681-0500 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0]
2022-05-12T06:00:48.681-0500 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 pid=22770
2022-05-12T06:00:48.681-0500 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0
2022-05-12T06:00:48.687-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: configuring server automatic mTLS: timestamp=2022-05-12T06:00:48.686-0500
2022-05-12T06:00:48.705-0500 [DEBUG] provider.terraform-provider-cloudflare_v3.14.0: plugin address: address=/tmp/plugin2849232429 network=unix timestamp=2022-05-12T06:00:48.705-0500
2022-05-12T06:00:48.705-0500 [DEBUG] provider: using plugin: version=5
2022-05-12T06:00:48.766-0500 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" changed the config value, but that value is unused
2022-05-12T06:00:48.767-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: 2022/05/12 06:00:48 [INFO] Cloudflare Client configured for user:: timestamp=2022-05-12T06:00:48.767-0500
2022-05-12T06:00:48.767-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: 2022/05/12 06:00:48 [INFO] Using specified account id REDACTED in Cloudflare provider: timestamp=2022-05-12T06:00:48.767-0500
2022-05-12T06:00:48.767-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: 2022/05/12 06:00:48 [INFO] Cloudflare Client configured for user:: timestamp=2022-05-12T06:00:48.767-0500
2022-05-12T06:00:48.767-0500 [DEBUG] ReferenceTransformer: "cloudflare_record.myhost" references: []
cloudflare_record.myhost: Refreshing state... [id=REDACTED]
2022-05-12T06:00:48.771-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: 2022/05/12 06:00:48 [DEBUG] Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
GET /client/v4/zones/REDACTED/dns_records/REDACTED HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.1.7 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/3.14.0
Authorization: Bearer REDACTED
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2022-05-12T06:00:48.771-0500
2022-05-12T06:00:49.633-0500 [INFO]  provider.terraform-provider-cloudflare_v3.14.0: 2022/05/12 06:00:49 [DEBUG] Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 404 Not Found
Connection: close
Transfer-Encoding: chunked
Cf-Cache-Status: DYNAMIC
Cf-Ray: REDACTED
Content-Type: application/json
Date: Thu, 12 May 2022 11:00:49 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: __cflb=REDACTED; SameSite=Lax; path=/; expires=Thu, 12-May-22 13:30:50 GMT; HttpOnly
Set-Cookie: __cfruid=REDACTED; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 13

6a
{
 "result": null,
 "success": false,
 "errors": [
  {
   "code": 81044,
   "message": "Record does not exist."
  }
 ],
 "messages": []
}
0


-----------------------------------------------------: timestamp=2022-05-12T06:00:49.632-0500
2022-05-12T06:00:49.634-0500 [ERROR] vertex "cloudflare_record.myhost" error: Record does not exist. (81044)
2022-05-12T06:00:49.634-0500 [ERROR] vertex "cloudflare_record.myhost" error: Record does not exist. (81044)
2022-05-12T06:00:49.634-0500 [ERROR] vertex "cloudflare_record.myhost (expand)" error: Record does not exist. (81044)

Error: Record does not exist. (81044)

  with cloudflare_record.myhost,
  on main.tf line 14, in resource "cloudflare_record" "myhost":
  14: resource "cloudflare_record" "myhost" {

2022-05-12T06:00:49.635-0500 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-05-12T06:00:49.637-0500 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.14.0/linux_amd64/terraform-provider-cloudflare_v3.14.0 pid=22770
2022-05-12T06:00:49.637-0500 [DEBUG] provider: plugin exited

Panic output

No response

Expected output

terraform apply reports something along the lines of:

Detected changes outside of Terraform: cloudflare_record.myhost deleted

Terraform will perform the following actions: create cloudflare_record.myhost

Actual output

terraform apply exits with an error:

cloudflare_record.myhost: Refreshing state... [id=REDACTED]
╷
│ Error: Record does not exist. (81044)
│
│   with cloudflare_record.myhost,
│   on main.tf line 14, in resource "cloudflare_record" "myhost":
│   14: resource "cloudflare_record" "myhost" {
│

No attempt is made to create cloudflare_record.myhost again.

Steps to reproduce

  • Create the resource using terraform apply
  • Delete the resource through the Cloudflare console
  • Run terraform apply again

Additional factoids

No response

References

Please could this be reviewed and fixed for all of this provider's resources?

@kierdavis kierdavis added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 12, 2022
@jacobbednarz jacobbednarz added triage/accepted Indicates an issue or PR is ready to be actively worked on. service/dns Categorizes issue or PR as related to the DNS service. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 13, 2022
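
The refresh behaviour the report asks for, as an added example (not the provider's own code and not the change in #1740): a 404 carrying error code 81044 is treated as drift and clears the ID held in state, while any other API failure stays a hard error so that a credential or outage problem is never mistaken for a deletion. `refresh`, `newStubAPI`, the `/ok`, `/gone` and `/denied` paths and the 403 body are constructed for illustration; the `/gone` body is the one from the debug output above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// cfEnvelope mirrors the JSON error envelope shown in the debug output.
type cfEnvelope struct {
	Success bool `json:"success"`
	Errors  []struct {
		Code    int    `json:"code"`
		Message string `json:"message"`
	} `json:"errors"`
}

// refresh (hypothetical helper) returns the ID to keep in state. Only HTTP 404
// with code 81044, the pair seen in the issue, yields "" (drop from state so
// the next plan proposes a create); every other failure keeps the ID and errors.
func refresh(c *http.Client, url, id string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return id, err
	}
	defer resp.Body.Close()
	var env cfEnvelope
	if err := json.NewDecoder(resp.Body).Decode(&env); err != nil {
		return id, fmt.Errorf("decode response: %w", err)
	}
	for _, e := range env.Errors {
		if resp.StatusCode == http.StatusNotFound && e.Code == 81044 {
			return "", nil // deleted outside Terraform: report drift, not failure
		}
	}
	if !env.Success {
		return id, fmt.Errorf("cloudflare API: HTTP %d: %+v", resp.StatusCode, env.Errors)
	}
	return id, nil
}

// newStubAPI serves constructed replies; /gone replays the body from the issue.
func newStubAPI() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.URL.Path {
		case "/ok":
			fmt.Fprint(w, `{"result":{},"success":true,"errors":[]}`)
		case "/gone":
			http.Error(w, `{"success":false,"errors":[{"code":81044,"message":"Record does not exist."}]}`, 404)
		default: // constructed authentication failure
			http.Error(w, `{"success":false,"errors":[{"code":10000,"message":"Authentication error"}]}`, 403)
		}
	}))
}

func main() {
	srv := newStubAPI()
	defer srv.Close()
	for _, p := range []string{"/ok", "/gone", "/denied"} {
		id, err := refresh(srv.Client(), srv.URL+p, "rec-1")
		fmt.Printf("%-8s keep id=%q err=%v\n", p, id, err)
	}
}
```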
@socketbox

Experiencing the same issue. Terraform will not create the record, while, at the same time, acknowledging that it does not exist.

Terraform v1.1.9                                               
on linux_amd64                                                 
+ provider registry.terraform.io/cloudflare/cloudflare v3.14.0 

@StickeyTape

StickeyTape commented May 18, 2022

This started happening for us today too:

Terraform v1.1.9                                               
on linux_amd64                                                 
+ provider registry.terraform.io/cloudflare/cloudflare v3.15.0 

@StickeyTape

Tested with Terraform v1.2.0 this morning -- still the same. An interesting finding, though, was that if I remove the record it refers to as non-existing from the state file and run terraform plan again, the error just jumps to another record. Importing the record back also makes no difference.

@meyerkev

meyerkev commented May 20, 2022

+1, happened to us today too.

meyerkev@Kevins-MBP environments % terraform --version
Terraform v1.1.9
on darwin_arm64
+ provider registry.terraform.io/cloudflare/cloudflare v3.14.0

@ohmer

ohmer commented May 25, 2022

+1, same error but slightly different trigger. I was moving a resource across stacks (via terraform state rm + terraform import). Error:

│ Error: Record does not exist. (81044)
│
│   with module.certificate.cloudflare_record.this["test-portfolio"],
│   on ../../../../../modules/aws/acm-cloudflare/main.tf line 35, in resource "cloudflare_record" "this":
│   35: resource "cloudflare_record" "this" {

My custom module source:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.0"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = ">= 3.0"
    }
  }
}

data "cloudflare_zone" "this" {
  name    = var.zone_name
  zone_id = var.zone_id
}

resource "aws_acm_certificate" "this" {
  domain_name               = format("%s.%s", var.primary_name, data.cloudflare_zone.this.name)
  subject_alternative_names = formatlist("%s.%s", distinct(concat([var.primary_name], var.alternative_names)), data.cloudflare_zone.this.name)
  tags                      = var.tags
  validation_method         = "DNS"

  options {
    # This has become a requirement de facto as Chrome requires CT.
    certificate_transparency_logging_preference = "ENABLED"
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "cloudflare_record" "this" {
  for_each = {
    for o in aws_acm_certificate.this.domain_validation_options :
    trimsuffix(o.domain_name, ".${data.cloudflare_zone.this.name}") => {
      name  = trimsuffix(o.resource_record_name, ".${data.cloudflare_zone.this.name}.")
      value = trimsuffix(o.resource_record_value, ".")
      type  = o.resource_record_type
    }
  }

  allow_overwrite = var.allow_overwrite
  zone_id         = data.cloudflare_zone.this.id
  name            = each.value.name
  value           = each.value.value
  type            = each.value.type
  proxied         = false
}

resource "aws_acm_certificate_validation" "this" {
  certificate_arn         = aws_acm_certificate.this.arn
  validation_record_fqdns = [for record in cloudflare_record.this : record.hostname]
}

Invocation:

data "cloudflare_zones" "this" {
  filter {
    name = local.zone_name
  }
}

module "certificate" {
  source = "../../../../../modules/aws/acm-cloudflare"

  zone_id           = data.cloudflare_zones.this.zones[0].id
  primary_name      = "*.${local.environment}"
  alternative_names = local.domain_names
}

Versions:

Terraform v1.1.3
on linux_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.15.0
+ provider registry.terraform.io/datadog/datadog v3.12.0
+ provider registry.terraform.io/hashicorp/aws v4.15.1

@everops-miked

everops-miked commented Jun 2, 2022

My workaround is to create a new bogus record, then pull the tfstate and modify the id of the record.

  1. use https://github.com/danielpigott/cloudflare-cli to get the id from the ls command.
  2. replace the IDTOREPLACE in the tfstate file
{
      "mode": "managed",
      "type": "cloudflare_record",
      "name": "THENAME",
      "provider": "provider[\"registry.terraform.io/cloudflare/cloudflare\"]",
      "instances": [
        {
          "schema_version": 2,
          "attributes": {
            "allow_overwrite": true,
            "created_on": "2022-04-21T17:47:18.00000Z",
            "data": [],
            "hostname": "subdomain.tld.com",
            "id": "IDTOREPLACE",
            "metadata": {

  3. run the plan to use that record again!

@leitmedium

Just FYI:

I ran into this issue while setting up a Cloudflare Pages space with a custom domain that is being managed by Cloudflare - which is being managed by Terraform. While the Cloudflare Web UI states it creates the DNS CNAME entry itself, it even deletes and recreates the entry that I made in advance.

@stuartm21

stuartm21 commented Jun 13, 2022

@jacobbednarz Any solution released for this?

cloudflare_record.myhost: Refreshing state... [id=REDACTED]
╷
│ Error: Record does not exist. (81044)

@zzn01

zzn01 commented Jun 21, 2022

Workaround: Just remove it and import the new one (thanks @ohmer)

For example, if the resource is cloudflare_record.default:

terraform state rm cloudflare_record.default
terraform import cloudflare_record.default ae36f999674d196762efcc5abb06b345/d41d8cd98f00b204e9800998ecf8427e

How to get the id: https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/record#import

@kierdavis
Author

As of b9dc7b5 this works now, thank you!

@Deku-shrub

Another workaround that may work for some people is to "terraform state rm" the problematic record and then apply, assuming 'allow_overwrite' is true or this is not critical to manually delete then re-run.

@github-actions
Contributor

This functionality has been released in v3.19.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
