Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rate Limit plan invalid when correlate not set #256

Closed
sodabrew opened this issue Mar 13, 2019 · 8 comments
Closed

Rate Limit plan invalid when correlate not set #256

sodabrew opened this issue Mar 13, 2019 · 8 comments

Comments

@sodabrew
Copy link

sodabrew commented Mar 13, 2019

In version 1.12, since PR #204 was merged, terraform plan against a cloudflare_rate_limit stanza that does not have correlate (it is listed as optional after all) and for which no correlate is set in the Console, always reports a pending change:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ cloudflare_rate_limit.my_domain_name
      correlate.#: "1" => "0"

Plan: 0 to add, 1 to change, 0 to destroy.

Neither "1" nor "0" would seem to be valid values for correlate, given that by = "nat" is the only option shown in the provider docs - though I cannot even find the documentation for this feature - so I'm not sure what's a correct value here.

@13rac1
Copy link

13rac1 commented Mar 13, 2019

Additional information. The correlate field is listed as optional in the documentation: https://www.terraform.io/docs/providers/cloudflare/r/rate_limit.html#correlate and this provider:
https://github.com/terraform-providers/terraform-provider-cloudflare/blob/3969f39fa172863b0836edd5197230f5962e8f38/cloudflare/resource_cloudflare_rate_limit.go#L180-L182
But is always set (so not optional?):
https://github.com/terraform-providers/terraform-provider-cloudflare/blob/3969f39fa172863b0836edd5197230f5962e8f38/cloudflare/resource_cloudflare_rate_limit.go#L230

And is required (or at least will never be nil or missing) in the Cloudflare supplied structs: https://github.com/cloudflare/cloudflare-go/blob/9837a599c0ba49ff8208dd679b4500e8ece407a5/rate_limiting.go#L21

	Correlate   RateLimitCorrelate      `json:"correlate"`

Workaround to make Terraform idempotent is an empty correlate in the tf file:

correlate {}

@jacobbednarz
Copy link
Member

@sodabrew The reason it is showing up like that is because it's a List type, it keeps track of the number of elements in the type. A setting with correlate defined is:

correlate.#: "1"
correlate.0.by: "nat"

which translates to:

correlate {
  by = "nat"
}

I'll have to do some more digging as I'm not seeing this with the test configurations. Did you previously have a broken correlate setting in your Terraform state file? Could you try removing the rate limit using terraform state rm (or fully delete it from your terraform file) and then re-adding/import it?

@jacobbednarz
Copy link
Member

@jacobbednarz
Copy link
Member

Ok, so I've narrowed this down to the Read method and it unnecessarily trying to sync with the remote side of things. I'm now just trying to work out the exact type to wrap an if check in to ensure that it still works when importing (the initial issue in #204) and plan/apply don't trigger extra changes.

@jacobbednarz
Copy link
Member

The most sensible approach I can come up with is the following:

diff --git a/cloudflare/resource_cloudflare_rate_limit.go b/cloudflare/resource_cloudflare_rate_limit.go
index dfc531d..fc239b5 100644
--- a/cloudflare/resource_cloudflare_rate_limit.go
+++ b/cloudflare/resource_cloudflare_rate_limit.go
@@ -227,7 +227,10 @@ func resourceCloudflareRateLimitCreate(d *schema.ResourceData, meta interface{})

+       if rateLimit.Correlate != nil {
+               d.Set("correlate", flattenRateLimitCorrelate(*rateLimit.Correlate))
+       }
+
        d.Set("description", rateLimit.Description)
        d.Set("disabled", rateLimit.Disabled)

diff --git a/vendor/github.com/cloudflare/cloudflare-go/rate_limiting.go b/vendor/github.com/cloudflare/cloudflare-go/rate_limiting.go
index 253c44b..2b3690c 100644
--- a/vendor/github.com/cloudflare/cloudflare-go/rate_limiting.go
+++ b/vendor/github.com/cloudflare/cloudflare-go/rate_limiting.go
@@ -18,7 +18,7 @@ type RateLimit struct {
        Threshold   int                     `json:"threshold"`
        Period      int                     `json:"period"`
        Action      RateLimitAction         `json:"action"`
-       Correlate   RateLimitCorrelate      `json:"correlate"`
+       Correlate   *RateLimitCorrelate     `json:"correlate"`
 }

 // RateLimitTrafficMatcher contains the rules that will be used to apply a rate limit to traffic

This does mean though, we'll need to address this in the underlying library first but it does cover all of our use cases and prevents the need to do weird things with the built in Terraform types.

@jacobbednarz
Copy link
Member

Have opened cloudflare/cloudflare-go#281 to get this addressed upstream and then I can fix it here too.

@jacobbednarz
Copy link
Member

This has landed so I'll be taking a pass at this in the coming days.

jacobbednarz added a commit to jacobbednarz/terraform-provider-cloudflare that referenced this issue Mar 27, 2019
We only want to set `rateLimit.Correlate` when it's required. This stops
the value from continiously being updated in the Terraform state but not
changed in the remote.

Closes cloudflare#256
@patryk patryk closed this as completed in 08aa117 Mar 27, 2019
@13rac1
Copy link

13rac1 commented Mar 27, 2019

Awesome! Thanks!

boekkooi-lengoo pushed a commit to boekkooi-lengoo/terraform-provider-cloudflare that referenced this issue Feb 28, 2022
This file wasn't committed in cloudflare#246 so we can add it here to ensure
everyone is on the same versions.

Fixes cloudflare#256.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants