Running Terraform with the cloudflare_zero_trust_access_policy resource results in updates on every apply, even when no changes are made - breaks idempotency #5565
Description
Confirmation
- This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
- I have searched the issue tracker and my issue isn't already found.
- I have replicated my issue using the latest version of the provider and it is still present.
Terraform and Cloudflare provider version
❯ tofu -v
OpenTofu v1.9.0
on darwin_arm64
+ provider registry.opentofu.org/cloudflare/cloudflare v5.4.0
Affected resource(s)
cloudflare_zero_trust_access_policy
Terraform configuration files
resource "cloudflare_zero_trust_access_policy" "test123" {
account_id = "b39266dd4dcec1a04068ba36d36bd250"
name = "Test123"
decision = "bypass"
include = [{
ip = {
ip = "1.1.1.1/32"
}
}]
}Link to debug output
Logs are below...
Panic output
No response
Expected output
Terraform/OpenTofu should not modify existing resources when no changes have been made to the configuration, maintaining idempotency.
Actual output
Debug output:
❯ TF_LOG=DEBUG tofu apply
2025-05-10T06:02:56.424+0200 [INFO] OpenTofu version: 1.9.0
2025-05-10T06:02:56.425+0200 [DEBUG] using github.com/hashicorp/go-tfe v1.36.0
2025-05-10T06:02:56.425+0200 [DEBUG] using github.com/opentofu/hcl/v2 v2.0.0-20240814143621-8048794c5c52
2025-05-10T06:02:56.425+0200 [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.1
2025-05-10T06:02:56.425+0200 [DEBUG] using github.com/zclconf/go-cty v1.14.4
2025-05-10T06:02:56.425+0200 [INFO] Go runtime version: go1.22.8
2025-05-10T06:02:56.425+0200 [INFO] CLI args: []string{"tofu", "apply"}
2025-05-10T06:02:56.425+0200 [DEBUG] Attempting to open CLI config file: /Users/Petr_Ruzicka/.terraformrc
2025-05-10T06:02:56.425+0200 [INFO] Loading CLI configuration from /Users/Petr_Ruzicka/.terraformrc
2025-05-10T06:02:56.425+0200 [INFO] Loading CLI configuration from /Users/Petr_Ruzicka/.terraform.d/credentials.tfrc.json
2025-05-10T06:02:56.426+0200 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2025-05-10T06:02:56.426+0200 [DEBUG] ignoring non-existing provider search directory /Users/Petr_Ruzicka/.terraform.d/plugins
2025-05-10T06:02:56.426+0200 [DEBUG] ignoring non-existing provider search directory /Users/Petr_Ruzicka/Library/Application Support/io.terraform/plugins
2025-05-10T06:02:56.426+0200 [DEBUG] ignoring non-existing provider search directory /Library/Application Support/io.terraform/plugins
2025-05-10T06:02:56.426+0200 [DEBUG] Found the config directory: /Users/Petr_Ruzicka/.terraform.d
2025-05-10T06:02:56.426+0200 [INFO] CLI command args: []string{"apply"}
2025-05-10T06:02:56.427+0200 [DEBUG] New state was assigned lineage "b67431f4-d50b-57c4-a0d5-b92678f12a1c"
2025-05-10T06:02:56.498+0200 [DEBUG] checking for provisioner in "."
2025-05-10T06:02:56.498+0200 [DEBUG] checking for provisioner in "/Users/Petr_Ruzicka/.local/share/mise/installs/opentofu/1.9.0"
2025-05-10T06:02:56.498+0200 [INFO] backend/local: starting Apply operation
2025-05-10T06:02:56.499+0200 [DEBUG] created provider logger: level=debug
2025-05-10T06:02:56.499+0200 [INFO] provider: configuring client automatic mTLS
2025-05-10T06:02:56.505+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 args=[".terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0"]
2025-05-10T06:02:56.508+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56151
2025-05-10T06:02:56.508+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0
2025-05-10T06:02:56.527+0200 [INFO] provider.terraform-provider-cloudflare_v5.4.0: configuring server automatic mTLS: timestamp="2025-05-10T06:02:56.527+0200"
2025-05-10T06:02:56.532+0200 [DEBUG] provider: using plugin: version=6
2025-05-10T06:02:56.532+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: plugin address: address=/var/folders/wb/dkzjmtm56t96jv2q12424vg40000gp/T/plugin3910239 network=unix timestamp="2025-05-10T06:02:56.532+0200"
2025-05-10T06:02:56.573+0200 [DEBUG] No provider meta schema returned
2025-05-10T06:02:56.583+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2025-05-10T06:02:56.584+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56151
2025-05-10T06:02:56.584+0200 [DEBUG] provider: plugin exited
2025-05-10T06:02:56.585+0200 [DEBUG] Building and walking validate graph
2025-05-10T06:02:56.585+0200 [DEBUG] ProviderTransformer: "cloudflare_zero_trust_access_policy.test123" (*tofu.NodeValidatableResource) needs provider["registry.opentofu.org/cloudflare/cloudflare"]
2025-05-10T06:02:56.585+0200 [DEBUG] ReferenceTransformer: "provider[\"registry.opentofu.org/cloudflare/cloudflare\"]" references: []
2025-05-10T06:02:56.585+0200 [DEBUG] ReferenceTransformer: "cloudflare_zero_trust_access_policy.test123" references: []
2025-05-10T06:02:56.585+0200 [DEBUG] Starting graph walk: walkValidate
2025-05-10T06:02:56.585+0200 [DEBUG] created provider logger: level=debug
2025-05-10T06:02:56.585+0200 [INFO] provider: configuring client automatic mTLS
2025-05-10T06:02:56.587+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 args=[".terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0"]
2025-05-10T06:02:56.591+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56152
2025-05-10T06:02:56.591+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0
2025-05-10T06:02:56.610+0200 [INFO] provider.terraform-provider-cloudflare_v5.4.0: configuring server automatic mTLS: timestamp="2025-05-10T06:02:56.610+0200"
2025-05-10T06:02:56.616+0200 [DEBUG] provider: using plugin: version=6
2025-05-10T06:02:56.616+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: plugin address: address=/var/folders/wb/dkzjmtm56t96jv2q12424vg40000gp/T/plugin916266667 network=unix timestamp="2025-05-10T06:02:56.616+0200"
2025-05-10T06:02:56.622+0200 [DEBUG] skipping FixUpBlockAttrs
2025-05-10T06:02:56.625+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2025-05-10T06:02:56.626+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56152
2025-05-10T06:02:56.626+0200 [DEBUG] provider: plugin exited
2025-05-10T06:02:56.626+0200 [INFO] backend/local: apply calling Plan
2025-05-10T06:02:56.626+0200 [DEBUG] Building and walking plan graph for NormalMode
2025-05-10T06:02:56.626+0200 [DEBUG] ProviderTransformer: "cloudflare_zero_trust_access_policy.test123 (expand)" (*tofu.nodeExpandPlannableResource) needs provider["registry.opentofu.org/cloudflare/cloudflare"]
2025-05-10T06:02:56.626+0200 [DEBUG] ReferenceTransformer: "cloudflare_zero_trust_access_policy.test123 (expand)" references: []
2025-05-10T06:02:56.626+0200 [DEBUG] ReferenceTransformer: "provider[\"registry.opentofu.org/cloudflare/cloudflare\"]" references: []
2025-05-10T06:02:56.626+0200 [DEBUG] Starting graph walk: walkPlan
2025-05-10T06:02:56.627+0200 [DEBUG] created provider logger: level=debug
2025-05-10T06:02:56.627+0200 [INFO] provider: configuring client automatic mTLS
2025-05-10T06:02:56.629+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 args=[".terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0"]
2025-05-10T06:02:56.632+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56153
2025-05-10T06:02:56.632+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0
2025-05-10T06:02:56.651+0200 [INFO] provider.terraform-provider-cloudflare_v5.4.0: configuring server automatic mTLS: timestamp="2025-05-10T06:02:56.651+0200"
2025-05-10T06:02:56.656+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: plugin address: address=/var/folders/wb/dkzjmtm56t96jv2q12424vg40000gp/T/plugin1013462543 network=unix timestamp="2025-05-10T06:02:56.656+0200"
2025-05-10T06:02:56.656+0200 [DEBUG] provider: using plugin: version=6
2025-05-10T06:02:56.662+0200 [DEBUG] ReferenceTransformer: "cloudflare_zero_trust_access_policy.test123" references: []
cloudflare_zero_trust_access_policy.test123: Refreshing state... [id=29475c2c-c921-486f-916b-9bdc6dc85abf]
2025-05-10T06:02:56.667+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0:
GET /client/v4/accounts/b39266dd4dcec1a04068ba36d36bd250/access/policies/29475c2c-c921-486f-916b-9bdc6dc85abf HTTP/1.1
> x-stainless-runtime: terraform-plugin-framework
> x-auth-key: [redacted]
> x-auth-email: [redacted]
> x-stainless-runtime-version: 1.14.1
> accept: application/json
> x-stainless-package-version: 5.4.0
> authorization: [redacted]
> x-stainless-lang: Terraform
> x-stainless-arch: arm64
> x-stainless-retry-count: 0
> user-agent: terraform-provider-cloudflare/5.4.0 terraform-plugin-framework/1.14.1 terraform/1.9.0
> x-stainless-os: MacOS: tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_rpc=ReadResource @module=cloudflare tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy @caller=github.com/cloudflare/terraform-provider-cloudflare/internal/logging/logging.go:64 timestamp="2025-05-10T06:02:56.667+0200"
2025-05-10T06:02:57.469+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0:
< HTTP/2.0 200 OK
< cf-ray: 93d68b415eb8d27a-FRA
< strict-transport-security: max-age=31536000; includeSubDomains
< date: Sat, 10 May 2025 04:02:57 GMT
< cf-cache-status: DYNAMIC
< api-version: 2025-05-10
< cf-auditlog-id: 0196b85c-44e3-7b20-948a-733db7055287
< content-security-policy: frame-ancestors 'none'; default-src https: 'unsafe-inline'
< x-frame-options: DENY
< server: cloudflare
< content-type: application/json; charset=UTF-8
< set-cookie: __cflb=0H28vgHxwvgAQtjUGU4yFBDJQfw1pfzuC9kbCnpez3w; SameSite=Lax; path=/; expires=Sat, 10-May-25 06:32:58 GMT; HttpOnly
< set-cookie: __cf_bm=dYospv6OCgGQ9Lr_Wbgz1M83eTTfqBFaWlIE1JVmY20-1746849777-1.0.1.1-Vvlhzy..bJnmtkncZ5Zgit5ToBEYsY80VUW8yRJ4tbu1JWmgltI92WVeoejNL2ARnsKZXliu68.m9Do1R05_iA3t500Yjke7vegxpjLQjDE; path=/; expires=Sat, 10-May-25 04:32:57 GMT; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
< set-cookie: _cfuvid=AxRzdrkr0abKZVIRvxKPNqOHZW7cIkAfXkIFGEyPCp8-1746849777452-0.0.1.1-604800000; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
< vary: Accept-Encoding
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
<
{
"result": {
"created_at": "2025-05-10T03:55:22Z",
"decision": "bypass",
"exclude": [],
"id": "29475c2c-c921-486f-916b-9bdc6dc85abf",
"include": [
{
"ip": {
"ip": "1.1.1.1/32"
}
}
],
"name": "Test123",
"require": [],
"session_duration": "24h",
"uid": "29475c2c-c921-486f-916b-9bdc6dc85abf",
"updated_at": "2025-05-10T03:57:54Z",
"reusable": true,
"app_count": 0
},
"success": true,
"errors": [],
"messages": []
}
: @module=cloudflare tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=ReadResource @caller=github.com/cloudflare/terraform-provider-cloudflare/internal/logging/logging.go:92 tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:02:57.469+0200"
2025-05-10T06:02:57.474+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_attribute_path=include[0].ip.ip tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:02:57.474+0200"
2025-05-10T06:02:57.474+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=include[0].ip tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=ReadResource @module=sdk.framework tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:02:57.474+0200"
2025-05-10T06:02:57.474+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare @module=sdk.framework tf_attribute_path=include[0] tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ReadResource timestamp="2025-05-10T06:02:57.474+0200"
2025-05-10T06:02:57.474+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_attribute_path=include tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 timestamp="2025-05-10T06:02:57.474+0200"
2025-05-10T06:02:57.474+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=ReadResource tf_resource_type=cloudflare_zero_trust_access_policy @module=sdk.framework tf_attribute_path=decision tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 timestamp="2025-05-10T06:02:57.474+0200"
2025-05-10T06:02:57.474+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=name tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 timestamp="2025-05-10T06:02:57.474+0200"
2025-05-10T06:02:57.474+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_attribute_path=reusable tf_provider_addr=registry.terraform.io/cloudflare/cloudflare @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ReadResource timestamp="2025-05-10T06:02:57.474+0200"
2025-05-10T06:02:57.475+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare @module=sdk.framework tf_attribute_path=created_at tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:02:57.475+0200"
2025-05-10T06:02:57.475+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ReadResource tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 @module=sdk.framework tf_attribute_path=session_duration tf_provider_addr=registry.terraform.io/cloudflare/cloudflare timestamp="2025-05-10T06:02:57.475+0200"
2025-05-10T06:02:57.475+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_rpc=ReadResource tf_resource_type=cloudflare_zero_trust_access_policy @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=updated_at tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 timestamp="2025-05-10T06:02:57.475+0200"
2025-05-10T06:02:57.475+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_attribute_path=id timestamp="2025-05-10T06:02:57.475+0200"
2025-05-10T06:02:57.475+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_resource_type=cloudflare_zero_trust_access_policy tf_attribute_path=app_count tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 timestamp="2025-05-10T06:02:57.475+0200"
2025-05-10T06:02:57.475+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_attribute_path=account_id tf_req_id=f10cd56e-6d86-964d-a6d2-f35b185ead89 tf_resource_type=cloudflare_zero_trust_access_policy tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=ReadResource @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 timestamp="2025-05-10T06:02:57.475+0200"
2025-05-10T06:02:57.480+0200 [WARN] Provider "registry.opentofu.org/cloudflare/cloudflare" produced an unexpected new value for cloudflare_zero_trust_access_policy.test123 during refresh.
- .exclude: was null, but now cty.ListValEmpty(cty.Object(map[string]cty.Type{"any_valid_service_token":cty.EmptyObject, "auth_context":cty.Object(map[string]cty.Type{"ac_id":cty.String, "id":cty.String, "identity_provider_id":cty.String}), "auth_method":cty.Object(map[string]cty.Type{"auth_method":cty.String}), "azure_ad":cty.Object(map[string]cty.Type{"id":cty.String, "identity_provider_id":cty.String}), "certificate":cty.EmptyObject, "common_name":cty.Object(map[string]cty.Type{"common_name":cty.String}), "device_posture":cty.Object(map[string]cty.Type{"integration_uid":cty.String}), "email":cty.Object(map[string]cty.Type{"email":cty.String}), "email_domain":cty.Object(map[string]cty.Type{"domain":cty.String}), "email_list":cty.Object(map[string]cty.Type{"id":cty.String}), "everyone":cty.EmptyObject, "external_evaluation":cty.Object(map[string]cty.Type{"evaluate_url":cty.String, "keys_url":cty.String}), "geo":cty.Object(map[string]cty.Type{"country_code":cty.String}), "github_organization":cty.Object(map[string]cty.Type{"identity_provider_id":cty.String, "name":cty.String, "team":cty.String}), "group":cty.Object(map[string]cty.Type{"id":cty.String}), "gsuite":cty.Object(map[string]cty.Type{"email":cty.String, "identity_provider_id":cty.String}), "ip":cty.Object(map[string]cty.Type{"ip":cty.String}), "ip_list":cty.Object(map[string]cty.Type{"id":cty.String}), "login_method":cty.Object(map[string]cty.Type{"id":cty.String}), "okta":cty.Object(map[string]cty.Type{"identity_provider_id":cty.String, "name":cty.String}), "saml":cty.Object(map[string]cty.Type{"attribute_name":cty.String, "attribute_value":cty.String, "identity_provider_id":cty.String}), "service_token":cty.Object(map[string]cty.Type{"token_id":cty.String})}))
- .require: was null, but now cty.ListValEmpty(cty.Object(map[string]cty.Type{"any_valid_service_token":cty.EmptyObject, "auth_context":cty.Object(map[string]cty.Type{"ac_id":cty.String, "id":cty.String, "identity_provider_id":cty.String}), "auth_method":cty.Object(map[string]cty.Type{"auth_method":cty.String}), "azure_ad":cty.Object(map[string]cty.Type{"id":cty.String, "identity_provider_id":cty.String}), "certificate":cty.EmptyObject, "common_name":cty.Object(map[string]cty.Type{"common_name":cty.String}), "device_posture":cty.Object(map[string]cty.Type{"integration_uid":cty.String}), "email":cty.Object(map[string]cty.Type{"email":cty.String}), "email_domain":cty.Object(map[string]cty.Type{"domain":cty.String}), "email_list":cty.Object(map[string]cty.Type{"id":cty.String}), "everyone":cty.EmptyObject, "external_evaluation":cty.Object(map[string]cty.Type{"evaluate_url":cty.String, "keys_url":cty.String}), "geo":cty.Object(map[string]cty.Type{"country_code":cty.String}), "github_organization":cty.Object(map[string]cty.Type{"identity_provider_id":cty.String, "name":cty.String, "team":cty.String}), "group":cty.Object(map[string]cty.Type{"id":cty.String}), "gsuite":cty.Object(map[string]cty.Type{"email":cty.String, "identity_provider_id":cty.String}), "ip":cty.Object(map[string]cty.Type{"ip":cty.String}), "ip_list":cty.Object(map[string]cty.Type{"id":cty.String}), "login_method":cty.Object(map[string]cty.Type{"id":cty.String}), "okta":cty.Object(map[string]cty.Type{"identity_provider_id":cty.String, "name":cty.String}), "saml":cty.Object(map[string]cty.Type{"attribute_name":cty.String, "attribute_value":cty.String, "identity_provider_id":cty.String}), "service_token":cty.Object(map[string]cty.Type{"token_id":cty.String})}))
2025-05-10T06:02:57.481+0200 [DEBUG] skipping FixUpBlockAttrs
2025-05-10T06:02:57.493+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Detected value change between proposed new state and prior state: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:220 @module=sdk.framework tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=PlanResourceChange tf_attribute_path=require tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e timestamp="2025-05-10T06:02:57.493+0200"
2025-05-10T06:02:57.493+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Detected value change between proposed new state and prior state: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:220 tf_resource_type=cloudflare_zero_trust_access_policy tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e tf_rpc=PlanResourceChange @module=sdk.framework tf_attribute_path=exclude timestamp="2025-05-10T06:02:57.493+0200"
2025-05-10T06:02:57.493+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Marking Computed attributes with null configuration values as unknown (known after apply) in the plan to prevent potential Terraform errors: tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e tf_rpc=PlanResourceChange tf_resource_type=cloudflare_zero_trust_access_policy @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:229 @module=sdk.framework timestamp="2025-05-10T06:02:57.493+0200"
2025-05-10T06:02:57.493+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: @module=sdk.framework tf_attribute_path="AttributeName(\"updated_at\")" tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e tf_rpc=PlanResourceChange timestamp="2025-05-10T06:02:57.493+0200"
2025-05-10T06:02:57.493+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: tf_rpc=PlanResourceChange @module=sdk.framework tf_attribute_path="AttributeName(\"app_count\")" tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e tf_resource_type=cloudflare_zero_trust_access_policy @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 timestamp="2025-05-10T06:02:57.493+0200"
2025-05-10T06:02:57.494+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e tf_resource_type=cloudflare_zero_trust_access_policy @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 @module=sdk.framework tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_attribute_path="AttributeName(\"created_at\")" tf_rpc=PlanResourceChange timestamp="2025-05-10T06:02:57.493+0200"
2025-05-10T06:02:57.494+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 @module=sdk.framework tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e tf_attribute_path="AttributeName(\"reusable\")" tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=PlanResourceChange timestamp="2025-05-10T06:02:57.493+0200"
2025-05-10T06:02:57.494+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 @module=sdk.framework tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_attribute_path="AttributeName(\"id\")" tf_req_id=66250636-41e9-e3dc-2de7-c46d287b280e tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=PlanResourceChange timestamp="2025-05-10T06:02:57.494+0200"
2025-05-10T06:02:57.502+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2025-05-10T06:02:57.503+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56153
2025-05-10T06:02:57.503+0200 [DEBUG] provider: plugin exited
2025-05-10T06:02:57.504+0200 [DEBUG] building apply graph to check for errors
2025-05-10T06:02:57.504+0200 [DEBUG] ProviderTransformer: "cloudflare_zero_trust_access_policy.test123" (*tofu.NodeApplyableResourceInstance) needs provider["registry.opentofu.org/cloudflare/cloudflare"]
2025-05-10T06:02:57.504+0200 [DEBUG] ProviderTransformer: "cloudflare_zero_trust_access_policy.test123 (expand)" (*tofu.nodeExpandApplyableResource) needs provider["registry.opentofu.org/cloudflare/cloudflare"]
2025-05-10T06:02:57.504+0200 [DEBUG] ReferenceTransformer: "cloudflare_zero_trust_access_policy.test123 (expand)" references: []
2025-05-10T06:02:57.504+0200 [DEBUG] ReferenceTransformer: "cloudflare_zero_trust_access_policy.test123" references: []
2025-05-10T06:02:57.504+0200 [DEBUG] ReferenceTransformer: "provider[\"registry.opentofu.org/cloudflare/cloudflare\"]" references: []
OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
OpenTofu will perform the following actions:
# cloudflare_zero_trust_access_policy.test123 will be updated in-place
~ resource "cloudflare_zero_trust_access_policy" "test123" {
~ app_count = 0 -> (known after apply)
~ created_at = "2025-05-10T03:55:22Z" -> (known after apply)
- exclude = [] -> null
id = "29475c2c-c921-486f-916b-9bdc6dc85abf"
name = "Test123"
- require = [] -> null
~ reusable = true -> (known after apply)
~ updated_at = "2025-05-10T03:57:54Z" -> (known after apply)
# (4 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
2025-05-10T06:02:57.509+0200 [DEBUG] command: asking for input: "\nDo you want to perform these actions?"
Do you want to perform these actions?
OpenTofu will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
2025-05-10T06:03:05.336+0200 [INFO] backend/local: apply calling Apply
2025-05-10T06:03:05.336+0200 [DEBUG] Building and walking apply graph for NormalMode plan
2025-05-10T06:03:05.337+0200 [DEBUG] ProviderTransformer: "cloudflare_zero_trust_access_policy.test123 (expand)" (*tofu.nodeExpandApplyableResource) needs provider["registry.opentofu.org/cloudflare/cloudflare"]
2025-05-10T06:03:05.337+0200 [DEBUG] ProviderTransformer: "cloudflare_zero_trust_access_policy.test123" (*tofu.NodeApplyableResourceInstance) needs provider["registry.opentofu.org/cloudflare/cloudflare"]
2025-05-10T06:03:05.337+0200 [DEBUG] ReferenceTransformer: "cloudflare_zero_trust_access_policy.test123 (expand)" references: []
2025-05-10T06:03:05.337+0200 [DEBUG] ReferenceTransformer: "cloudflare_zero_trust_access_policy.test123" references: []
2025-05-10T06:03:05.337+0200 [DEBUG] ReferenceTransformer: "provider[\"registry.opentofu.org/cloudflare/cloudflare\"]" references: []
2025-05-10T06:03:05.338+0200 [DEBUG] Starting graph walk: walkApply
2025-05-10T06:03:05.338+0200 [DEBUG] created provider logger: level=debug
2025-05-10T06:03:05.338+0200 [INFO] provider: configuring client automatic mTLS
2025-05-10T06:03:05.346+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 args=[".terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0"]
2025-05-10T06:03:05.353+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56228
2025-05-10T06:03:05.353+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0
2025-05-10T06:03:05.385+0200 [INFO] provider.terraform-provider-cloudflare_v5.4.0: configuring server automatic mTLS: timestamp="2025-05-10T06:03:05.385+0200"
2025-05-10T06:03:05.393+0200 [DEBUG] provider: using plugin: version=6
2025-05-10T06:03:05.393+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: plugin address: network=unix address=/var/folders/wb/dkzjmtm56t96jv2q12424vg40000gp/T/plugin1680777831 timestamp="2025-05-10T06:03:05.393+0200"
2025-05-10T06:03:05.404+0200 [DEBUG] skipping FixUpBlockAttrs
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Detected value change between proposed new state and prior state: @module=sdk.framework tf_attribute_path=exclude tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:220 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=PlanResourceChange timestamp="2025-05-10T06:03:05.409+0200"
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Detected value change between proposed new state and prior state: tf_attribute_path=require tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=PlanResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:220 @module=sdk.framework timestamp="2025-05-10T06:03:05.409+0200"
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Marking Computed attributes with null configuration values as unknown (known after apply) in the plan to prevent potential Terraform errors: tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=PlanResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:229 tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba tf_resource_type=cloudflare_zero_trust_access_policy @module=sdk.framework timestamp="2025-05-10T06:03:05.409+0200"
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 @module=sdk.framework tf_attribute_path="AttributeName(\"updated_at\")" tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=PlanResourceChange tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:03:05.409+0200"
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 tf_attribute_path="AttributeName(\"id\")" tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=PlanResourceChange @module=sdk.framework timestamp="2025-05-10T06:03:05.409+0200"
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=PlanResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 @module=sdk.framework tf_attribute_path="AttributeName(\"reusable\")" tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:03:05.409+0200"
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 @module=sdk.framework tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=PlanResourceChange tf_attribute_path="AttributeName(\"app_count\")" tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba timestamp="2025-05-10T06:03:05.409+0200"
2025-05-10T06:03:05.409+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: marking computed attribute that is null in the config as unknown: tf_attribute_path="AttributeName(\"created_at\")" tf_req_id=7544f5d8-8397-b1ff-cc19-006b41a423ba tf_rpc=PlanResourceChange @module=sdk.framework @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:480 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:03:05.409+0200"
cloudflare_zero_trust_access_policy.test123: Modifying... [id=29475c2c-c921-486f-916b-9bdc6dc85abf]
2025-05-10T06:03:05.414+0200 [INFO] Starting apply for cloudflare_zero_trust_access_policy.test123
2025-05-10T06:03:05.414+0200 [DEBUG] skipping FixUpBlockAttrs
2025-05-10T06:03:05.414+0200 [DEBUG] cloudflare_zero_trust_access_policy.test123: applying the planned Update change
2025-05-10T06:03:05.416+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0:
PUT /client/v4/accounts/b39266dd4dcec1a04068ba36d36bd250/access/policies/29475c2c-c921-486f-916b-9bdc6dc85abf HTTP/1.1
> authorization: [redacted]
> x-stainless-package-version: 5.4.0
> accept: application/json
> user-agent: terraform-provider-cloudflare/5.4.0 terraform-plugin-framework/1.14.1 terraform/1.9.0
> x-stainless-runtime: terraform-plugin-framework
> x-stainless-runtime-version: 1.14.1
> x-auth-email: [redacted]
> x-stainless-arch: arm64
> content-type: application/json
> x-stainless-retry-count: 0
> x-stainless-os: MacOS
> x-stainless-lang: Terraform
> x-auth-key: [redacted]
>
{"decision":"bypass","exclude":null,"include":[{"ip":{"ip":"1.1.1.1/32"}}],"name":"Test123","require":null,"session_duration":"24h"}
: @caller=github.com/cloudflare/terraform-provider-cloudflare/internal/logging/logging.go:64 @module=cloudflare tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ApplyResourceChange tf_provider_addr=registry.terraform.io/cloudflare/cloudflare timestamp="2025-05-10T06:03:05.416+0200"
2025-05-10T06:03:06.063+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0:
< HTTP/2.0 200 OK
< content-type: application/json; charset=UTF-8
< api-version: 2025-05-10
< x-frame-options: DENY
< server: cloudflare
< vary: Accept-Encoding
< cf-auditlog-id: 0196b85c-66f9-7639-80da-96a5211b4b95
< content-security-policy: frame-ancestors 'none'; default-src https: 'unsafe-inline'
< x-xss-protection: 1; mode=block
< cf-cache-status: DYNAMIC
< cf-ray: 93d68b77eefadc94-FRA
< set-cookie: __cflb=0H28vgHxwvgAQtjUGU4yFBDJQfw1pfzuDf4eL4C6TTb; SameSite=Lax; path=/; expires=Sat, 10-May-25 06:33:07 GMT; HttpOnly
< set-cookie: __cf_bm=_FnQw8GVI1nMtq6E1V484RvbIOGfzBsQqiRlrQ2kiHI-1746849786-1.0.1.1-Ph2aykMFp8PubF3yqPNVcvxFvpKapjlBc8NAQC68iQH8qeWF1KFiJq0XREv9ZyafzAEbd2DxC9QJKjrHNTr27XG1mQkvUj3R_uuEmZ1E2hg; path=/; expires=Sat, 10-May-25 04:33:06 GMT; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
< set-cookie: _cfuvid=u.PGJb14MjtjjsEaYgQJDlyIlOo4ZaZBBxHbYlLaaNY-1746849786127-0.0.1.1-604800000; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< date: Sat, 10 May 2025 04:03:06 GMT
<
{
"result": {
"created_at": "2025-05-10T03:55:22Z",
"decision": "bypass",
"exclude": [],
"id": "29475c2c-c921-486f-916b-9bdc6dc85abf",
"include": [
{
"ip": {
"ip": "1.1.1.1/32"
}
}
],
"name": "Test123",
"require": [],
"session_duration": "24h",
"uid": "29475c2c-c921-486f-916b-9bdc6dc85abf",
"updated_at": "2025-05-10T04:03:06Z",
"reusable": true,
"app_count": 0
},
"success": true,
"errors": [],
"messages": []
}
: tf_rpc=ApplyResourceChange @caller=github.com/cloudflare/terraform-provider-cloudflare/internal/logging/logging.go:92 tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 @module=cloudflare tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:03:06.062+0200"
2025-05-10T06:03:06.067+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_attribute_path=decision tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ApplyResourceChange timestamp="2025-05-10T06:03:06.067+0200"
2025-05-10T06:03:06.067+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ApplyResourceChange tf_provider_addr=registry.terraform.io/cloudflare/cloudflare @module=sdk.framework tf_attribute_path=account_id @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 timestamp="2025-05-10T06:03:06.067+0200"
2025-05-10T06:03:06.067+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_attribute_path=name tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_provider_addr=registry.terraform.io/cloudflare/cloudflare timestamp="2025-05-10T06:03:06.067+0200"
2025-05-10T06:03:06.068+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_attribute_path=id tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:03:06.067+0200"
2025-05-10T06:03:06.068+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 tf_resource_type=cloudflare_zero_trust_access_policy @module=sdk.framework tf_attribute_path=include[0].ip.ip tf_rpc=ApplyResourceChange timestamp="2025-05-10T06:03:06.068+0200"
2025-05-10T06:03:06.068+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=include[0].ip tf_provider_addr=registry.terraform.io/cloudflare/cloudflare timestamp="2025-05-10T06:03:06.068+0200"
2025-05-10T06:03:06.068+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=include[0] tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 @module=sdk.framework tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ApplyResourceChange timestamp="2025-05-10T06:03:06.068+0200"
2025-05-10T06:03:06.068+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_attribute_path=include tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_resource_type=cloudflare_zero_trust_access_policy tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 @module=sdk.framework timestamp="2025-05-10T06:03:06.068+0200"
2025-05-10T06:03:06.068+0200 [DEBUG] provider.terraform-provider-cloudflare_v5.4.0: Value switched to prior value due to semantic equality logic: tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 @module=sdk.framework tf_attribute_path=session_duration tf_req_id=fd9ee350-192a-9431-09cf-58525ece67e1 tf_resource_type=cloudflare_zero_trust_access_policy timestamp="2025-05-10T06:03:06.068+0200"
cloudflare_zero_trust_access_policy.test123: Modifications complete after 1s [id=29475c2c-c921-486f-916b-9bdc6dc85abf]
2025-05-10T06:03:06.072+0200 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2025-05-10T06:03:06.074+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2025-05-10T06:03:06.078+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.opentofu.org/cloudflare/cloudflare/5.4.0/darwin_arm64/terraform-provider-cloudflare_v5.4.0 pid=56228
2025-05-10T06:03:06.078+0200 [DEBUG] provider: plugin exited
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.Steps to reproduce
Run terraform apply multiple times using the following code:
terraform {
required_version = "~> 1"
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = "5.4.0"
}
}
}
provider "cloudflare" {
email = "[email protected]"
api_key = "41xxxxxxxxxxxxxxx69"
}
resource "cloudflare_zero_trust_access_policy" "test123" {
account_id = "b39xxxxxxxxxxxxxxxxx50"
name = "Test123"
decision = "bypass"
include = [{
ip = {
ip = "1.1.1.1/32"
}
}]
}Each time the code above is executed, Terraform detects a change and plans to apply it:
...
OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
OpenTofu will perform the following actions:
# cloudflare_zero_trust_access_policy.test123 will be updated in-place
~ resource "cloudflare_zero_trust_access_policy" "test123" {
~ app_count = 0 -> (known after apply)
~ created_at = "2025-05-10T03:55:22Z" -> (known after apply)
- exclude = [] -> null
id = "29475c2c-c921-486f-916b-9bdc6dc85abf"
name = "Test123"
- require = [] -> null
~ reusable = true -> (known after apply)
~ updated_at = "2025-05-10T04:03:06Z" -> (known after apply)
# (4 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
...Thanks for looking at it...
Additional factoids
No response
References
No response