terraform-provider-cloudflare: Error: Internal error encountered while processing change (1005)
Confirmation
- My issue isn’t already found on the issue tracker.
- I have replicated my issue using the latest version of the provider and it is still present.
Terraform and Cloudflare provider version
Terraform v1.2.3 on darwin_amd64
Affected resource(s)
- cloudflare_zone_settings_override
Terraform configuration files
- resource "cloudflare_zone_settings_override" "enforced_settings" {
- id = "<id-value>" -> null
- initial_settings = [
- {
- always_online = "off"
- always_use_https = "off"
- automatic_https_rewrites = "off"
- binary_ast = "off"
- brotli = "off"
- browser_cache_ttl = 14400
- browser_check = "on"
- cache_level = "aggressive"
- challenge_ttl = 1800
- ciphers = []
- cname_flattening = "flatten_at_root"
- development_mode = "off"
- early_hints = "off"
- email_obfuscation = "on"
- filter_logs_to_cloudflare = "off"
- h2_prioritization = "off"
- hotlink_protection = "off"
- http2 = "on"
- http3 = "off"
- image_resizing = "off"
- ip_geolocation = "on"
- ipv6 = "on"
- log_to_cloudflare = "on"
- max_upload = 100
- min_tls_version = "1.0"
- minify = [
- {
- css = "off"
- html = "off"
- js = "off"
},
]
- mirage = "off"
- mobile_redirect = [
- {
- mobile_subdomain = ""
- status = "off"
- strip_uri = false
},
]
- opportunistic_encryption = "off"
- opportunistic_onion = "on"
- orange_to_orange = "off"
- origin_error_page_pass_thru = "off"
- polish = "off"
- prefetch_preload = "off"
- privacy_pass = "on"
- proxy_read_timeout = "100"
- pseudo_ipv4 = "off"
- response_buffering = "off"
- rocket_loader = "off"
- security_header = [
- {
- enabled = false
- include_subdomains = false
- max_age = 0
- nosniff = false
- preload = false
},
]
- security_level = "medium"
- server_side_exclude = "on"
- sort_query_string_for_cache = "off"
- ssl = "full"
- tls_1_2_only = "off"
- tls_1_3 = "on"
- tls_client_auth = "off"
- true_client_ip_header = "off"
- universal_ssl = "on"
- visitor_ip = "on"
- waf = "off"
- webp = "off"
- websockets = "on"
- zero_rtt = "off"
},
] -> null
- initial_settings_read_at = "2022-07-18T18:29:49.909005246Z" -> null
- readonly_settings = [
- "advanced_ddos",
] -> null
- zone_id = "<id>" -> null
- zone_status = "pending" -> null
- zone_type = "partial" -> null
- settings {
- always_online = "off" -> null
- always_use_https = "on" -> null
- automatic_https_rewrites = "off" -> null
- binary_ast = "off" -> null
- brotli = "off" -> null
- browser_cache_ttl = 14400 -> null
- browser_check = "on" -> null
- cache_level = "aggressive" -> null
- challenge_ttl = 1800 -> null
- ciphers = [] -> null
- cname_flattening = "flatten_at_root" -> null
- development_mode = "off" -> null
- early_hints = "off" -> null
- email_obfuscation = "on" -> null
- filter_logs_to_cloudflare = "off" -> null
- h2_prioritization = "off" -> null
- hotlink_protection = "off" -> null
- http2 = "on" -> null
- http3 = "off" -> null
- image_resizing = "off" -> null
- ip_geolocation = "on" -> null
- ipv6 = "on" -> null
- log_to_cloudflare = "on" -> null
- max_upload = 100 -> null
- min_tls_version = "1.2" -> null
- mirage = "off" -> null
- opportunistic_encryption = "off" -> null
- opportunistic_onion = "on" -> null
- orange_to_orange = "off" -> null
- origin_error_page_pass_thru = "off" -> null
- polish = "off" -> null
- prefetch_preload = "off" -> null
- privacy_pass = "on" -> null
- proxy_read_timeout = "100" -> null
- pseudo_ipv4 = "off" -> null
- response_buffering = "off" -> null
- rocket_loader = "off" -> null
- security_level = "medium" -> null
- server_side_exclude = "on" -> null
- sort_query_string_for_cache = "off" -> null
- ssl = "full" -> null
- tls_1_2_only = "off" -> null
- tls_1_3 = "on" -> null
- tls_client_auth = "off" -> null
- true_client_ip_header = "off" -> null
- universal_ssl = "off" -> null
- visitor_ip = "on" -> null
- waf = "off" -> null
- webp = "off" -> null
- websockets = "on" -> null
- zero_rtt = "off" -> null
- minify {
- css = "off" -> null
- html = "off" -> null
- js = "off" -> null
}
- mobile_redirect {
- status = "off" -> null
- strip_uri = false -> null
}
- security_header {
- enabled = false -> null
- include_subdomains = false -> null
- max_age = 0 -> null
- nosniff = false -> null
- preload = false -> null
}
}
}
Debug output
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# module.waf-terraform-core.module.cloudflare.module.zone["test.com"].module.zone_settings[0].cloudflare_zone_settings_override.enforced_settings[0] will be destroyed
# (because module.waf-terraform-core.module.cloudflare.module.zone["test.com"].module.zone_settings[0] is not in configuration)
- resource "cloudflare_zone_settings_override" "enforced_settings" {
- id = "<id>" -> null
- initial_settings = [
- {
- always_online = "off"
- always_use_https = "off"
- automatic_https_rewrites = "off"
- binary_ast = "off"
- brotli = "off"
- browser_cache_ttl = 14400
- browser_check = "on"
- cache_level = "aggressive"
- challenge_ttl = 1800
- ciphers = []
- cname_flattening = "flatten_at_root"
- development_mode = "off"
- early_hints = "off"
- email_obfuscation = "on"
- filter_logs_to_cloudflare = "off"
- h2_prioritization = "off"
- hotlink_protection = "off"
- http2 = "on"
- http3 = "off"
- image_resizing = "off"
- ip_geolocation = "on"
- ipv6 = "on"
- log_to_cloudflare = "on"
- max_upload = 100
- min_tls_version = "1.0"
- minify = [
- {
- css = "off"
- html = "off"
- js = "off"
},
]
- mirage = "off"
- mobile_redirect = [
- {
- mobile_subdomain = ""
- status = "off"
- strip_uri = false
},
]
- opportunistic_encryption = "off"
- opportunistic_onion = "on"
- orange_to_orange = "off"
- origin_error_page_pass_thru = "off"
- polish = "off"
- prefetch_preload = "off"
- privacy_pass = "on"
- proxy_read_timeout = "100"
- pseudo_ipv4 = "off"
- response_buffering = "off"
- rocket_loader = "off"
- security_header = [
- {
- enabled = false
- include_subdomains = false
- max_age = 0
- nosniff = false
- preload = false
},
]
- security_level = "medium"
- server_side_exclude = "on"
- sort_query_string_for_cache = "off"
- ssl = "full"
- tls_1_2_only = "off"
- tls_1_3 = "on"
- tls_client_auth = "off"
- true_client_ip_header = "off"
- universal_ssl = "on"
- visitor_ip = "on"
- waf = "off"
- webp = "off"
- websockets = "on"
- zero_rtt = "off"
},
] -> null
- initial_settings_read_at = "2022-07-19T17:50:44.587194Z" -> null
- readonly_settings = [
- "advanced_ddos",
] -> null
- zone_id = "<id>" -> null
- zone_status = "pending" -> null
- zone_type = "partial" -> null
- settings {
- always_online = "off" -> null
- always_use_https = "on" -> null
- automatic_https_rewrites = "off" -> null
- binary_ast = "off" -> null
- brotli = "off" -> null
- browser_cache_ttl = 14400 -> null
- browser_check = "on" -> null
- cache_level = "aggressive" -> null
- challenge_ttl = 1800 -> null
- ciphers = [] -> null
- cname_flattening = "flatten_at_root" -> null
- development_mode = "off" -> null
- early_hints = "off" -> null
- email_obfuscation = "on" -> null
- filter_logs_to_cloudflare = "off" -> null
- h2_prioritization = "off" -> null
- hotlink_protection = "off" -> null
- http2 = "on" -> null
- http3 = "off" -> null
- image_resizing = "off" -> null
- ip_geolocation = "on" -> null
- ipv6 = "on" -> null
- log_to_cloudflare = "on" -> null
- max_upload = 100 -> null
- min_tls_version = "1.2" -> null
- mirage = "off" -> null
- opportunistic_encryption = "off" -> null
- opportunistic_onion = "on" -> null
- orange_to_orange = "off" -> null
- origin_error_page_pass_thru = "off" -> null
- polish = "off" -> null
- prefetch_preload = "off" -> null
- privacy_pass = "on" -> null
- proxy_read_timeout = "100" -> null
- pseudo_ipv4 = "off" -> null
- response_buffering = "off" -> null
- rocket_loader = "off" -> null
- security_level = "medium" -> null
- server_side_exclude = "on" -> null
- sort_query_string_for_cache = "off" -> null
- ssl = "full" -> null
- tls_1_2_only = "off" -> null
- tls_1_3 = "on" -> null
- tls_client_auth = "off" -> null
- true_client_ip_header = "off" -> null
- universal_ssl = "off" -> null
- visitor_ip = "on" -> null
- waf = "off" -> null
- webp = "off" -> null
- websockets = "on" -> null
- zero_rtt = "off" -> null
- minify {
- css = "off" -> null
- html = "off" -> null
- js = "off" -> null
}
- mobile_redirect {
- status = "off" -> null
- strip_uri = false -> null
}
- security_header {
- enabled = false -> null
- include_subdomains = false -> null
- max_age = 0 -> null
- nosniff = false -> null
- preload = false -> null
}
}
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you want to perform these actions in workspace "master"?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.waf-terraform-core.module.cloudflare.module.zone["test.com"].module.zone_settings[0].cloudflare_zone_settings_override.enforced_settings[0]: Destroying... [id=<id>]
╷
│ Error: Internal error encountered while processing change (1005)
│
│
╵
Releasing state lock. This may take a few moments...
Panic output
No response
Expected output
Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
Actual output
Error: Internal error encountered while processing change (1005)
Steps to reproduce
- Create a zone and add the
zone_settings_overrideresource to it.
resource "cloudflare_zone_settings_override" "enforced_settings" {
zone_id = "<id>"
settings {
always_online = "off"
always_use_https = "off"
automatic_https_rewrites = "off"
binary_ast = "off"
brotli = "off"
browser_cache_ttl = 14400
browser_check = "on"
cache_level = "aggressive"
challenge_ttl = 1800
ciphers = []
cname_flattening = "flatten_at_root"
development_mode = "off"
early_hints = "off"
email_obfuscation = "on"
filter_logs_to_cloudflare = "off"
h2_prioritization = "off"
hotlink_protection = "off"
http2 = "on"
http3 = "off"
image_resizing = "off"
ip_geolocation = "on"
ipv6 = "on"
log_to_cloudflare = "on"
max_upload = 100
min_tls_version = "1.0"
minify {
css = "off"
html = "off"
js = "off"
}
mirage = "off"
mobile_redirect {
mobile_subdomain = ""
status = "off"
strip_uri = false
}
opportunistic_encryption = "off"
opportunistic_onion = "on"
orange_to_orange = "off"
origin_error_page_pass_thru = "off"
polish = "off"
prefetch_preload = "off"
privacy_pass = "on"
proxy_read_timeout = "100"
pseudo_ipv4 = "off"
response_buffering = "off"
rocket_loader = "off"
security_header {
enabled = false
include_subdomains = false
max_age = 0
nosniff = false
preload = false
}
security_level = "medium"
server_side_exclude = "on"
sort_query_string_for_cache = "off"
ssl = "full"
tls_1_2_only = "off"
tls_1_3 = "on"
tls_client_auth = "off"
true_client_ip_header = "off"
universal_ssl = "on"
visitor_ip = "on"
waf = "on"
webp = "off"
websockets = "on"
zero_rtt = "off"
}
- Delete the
zone_settings_overrideresource.
Additional factoids
No response
References
No response
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 17 (1 by maintainers)
Commits related to this issue
- Update help info for `always_online` setting More info at https://github.com/cloudflare/terraform-provider-cloudflare/issues/1787#issuecomment-1190113657. — committed to alex-feel/terraform-cloudflare-zone by alex-feel 2 years ago
- Remove support for deprecated `always_online` action More info at https://github.com/cloudflare/terraform-provider-cloudflare/issues/1787#issuecomment-1190113657. — committed to alex-feel/terraform-cloudflare-zone by alex-feel 2 years ago
@jacobbednarz thank you for that information! I was not aware! Was there any official announcement? I can’t seem to find it and looking at Cloudflare’s official documentation below it seems like
Always Onlinefor Page Rules is still valid?Also, what is the difference between
v1andv2? Isv2zone-wide or is page rule specific?a deprecation in the provider wouldn’t have helped here and manual intervention was always going to be required due to the way the resource tracks initial settings and attempts to reset them (unless it had identical payloads and lived under the same endpoint). in the future, this resource is planned to be replaced to combat similar problems; see #1646.
re: API, I’m unsure if this has a publicly documented endpoint so I’d need to confirm with the service team. I’m also not certain if those docs on it being available in page rules are still accurate.
regarding comms on the change, i’ve confirmed with the service team.
thanks for the feedback!
Thanks for the explanation @jacobbednarz 🙇
Removing the
always_onlinefrom the resource helped in my case and theterraform planshowed that it was a no-op so this is resolved from my end, thanks again!I’m not sure if this is related but we’ve hit a similar
1005error forcloudflare_page_rulewherealways_onlineseem to have been removed from theactions?I don’t see it in the UI either
We also have
Always Onlinedisabled on the caching page, I wonder if that is relatedLooking at the original issue description
always_onlineseems to be present as well.