terraform-provider-cloudflare: Error: invalid zone setting "image_resizing" (value: ) found - cannot be set as it is read only
Confirmation
- My issue isn’t already found on the issue tracker.
- I have replicated my issue using the latest version of the provider and it is still present.
Terraform and Cloudflare provider version
terraform -v
Terraform v0.15.1
on darwin_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.4.0
Affected resource(s)
cloudflare_zone_settings_override
Terraform configuration files
resource "cloudflare_zone_settings_override" "some_zone" {
zone_id = var.zone_id
settings {
always_online = var.always_online
always_use_https = var.always_use_https
automatic_https_rewrites = var.automatic_https_rewrites
brotli = var.brotli
binary_ast = var.binary_ast
browser_cache_ttl = var.browser_cache_ttl
browser_check = var.browser_check
cache_level = var.cache_level
challenge_ttl = var.challenge_ttl
cname_flattening = var.cname_flattening
development_mode = var.development_mode
email_obfuscation = var.email_obfuscation
early_hints = var.early_hints
h2_prioritization = var.h2_prioritization
hotlink_protection = var.hotlink_protection
http2 = var.http2
http3 = var.http3
image_resizing = var.image_resizing
ip_geolocation = var.ip_geolocation
ipv6 = var.ipv6
max_upload = var.max_upload
min_tls_version = var.min_tls_version
#minify = var.minify
mirage = var.mirage
#mobile_redirect = var.mobile_redirect
opportunistic_encryption = var.opportunistic_encryption
opportunistic_onion = var.opportunistic_onion
origin_error_page_pass_thru = var.origin_error_page_pass_thru
polish = var.polish
prefetch_preload = var.prefetch_preload
privacy_pass = var.privacy_pass
pseudo_ipv4 = var.pseudo_ipv4
response_buffering = var.response_buffering
rocket_loader = var.rocket_loader
security_level = var.security_level
server_side_exclude = var.server_side_exclude
sort_query_string_for_cache = var.sort_query_string_for_cache
ssl = var.ssl
universal_ssl = var.universal_ssl
tls_1_3 = var.tls_1_3
tls_client_auth = var.tls_client_auth
true_client_ip_header = var.true_client_ip_header
waf = var.waf
webp = var.webp
websockets = var.websockets
zero_rtt = var.zero_rtt
dynamic "security_header" {
for_each = var.security_headers
content {
enabled = security_header.value.security_header_enabled
include_subdomains = security_header.value.security_header_include_subdomains
max_age = security_header.value.security_header_max_age
nosniff = security_header.value.security_header_nosniff
preload = security_header.value.security_header_preload
}
}
}
}
Debug output
│ Error: invalid zone setting “image_resizing” (value: ) found - cannot be set as it is read only
Panic output
No response
Expected output
No changes on the setting image_resizing
Actual output
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# cloudflare_zone_settings_override.this is tainted, so must be replaced
-/+ resource "cloudflare_zone_settings_override" "this" {
~ id = "$some_id" -> (known after apply)
+ initial_settings = (known after apply)
+ initial_settings_read_at = (known after apply)
~ readonly_settings = [
- "advanced_ddos",
- "binary_ast",
- "image_resizing",
] -> (known after apply)
~ zone_status = "active" -> (known after apply)
~ zone_type = "full" -> (known after apply)
# (1 unchanged attribute hidden)
~ settings {
~ automatic_https_rewrites = "off" -> "on"
~ binary_ast = "off" -> "on"
~ brotli = "off" -> "on"
~ cache_level = "aggressive" -> "simplified"
~ challenge_ttl = 1800 -> 2700
~ ciphers = [] -> (known after apply)
~ filter_logs_to_cloudflare = "off" -> (known after apply)
~ http3 = "off" -> "on"
~ image_resizing = "off" -> "on"
~ ipv6 = "on" -> "off"
~ log_to_cloudflare = "on" -> (known after apply)
~ max_upload = 100 -> 500
~ mirage = "off" -> "on"
~ opportunistic_encryption = "off" -> "on"
~ orange_to_orange = "off" -> (known after apply)
~ privacy_pass = "on" -> "off"
~ proxy_read_timeout = "100" -> (known after apply)
~ server_side_exclude = "on" -> "off"
~ ssl = "flexible" -> "full"
~ tls_1_2_only = "off" -> (known after apply)
~ visitor_ip = "on" -> (known after apply)
# (30 unchanged attributes hidden)
~ minify {
~ css = "off" -> (known after apply)
~ html = "on" -> (known after apply)
~ js = "off" -> (known after apply)
}
~ mobile_redirect {
+ mobile_subdomain = (known after apply)
~ status = "off" -> (known after apply)
~ strip_uri = false -> (known after apply)
}
~ security_header {
~ enabled = false -> (known after apply)
~ include_subdomains = false -> (known after apply)
~ max_age = 0 -> (known after apply)
~ nosniff = false -> (known after apply)
~ preload = false -> (known after apply)
}
}
}
Plan: 1 to add, 0 to change, 1 to destroy.
│ Warning: Resource targeting is in effect
│
│ You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the current configuration.
│
│ The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error message.
╵
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
cloudflare_zone_settings_override.babylonhealth_uk: Destroying... [id=$some_id]
╷
│ Warning: Applied changes may be incomplete
│
│ The plan was created with the -target option in effect, so some changes requested in the configuration may have been ignored and the output values may not be fully updated. Run the following command to verify that no other
│ changes are pending:
│ terraform plan
│
│ Note that the -target option is not suitable for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error
│ message.
╵
╷
│ Error: invalid zone setting "image_resizing" (value: ) found - cannot be set as it is read only
│
│
Steps to reproduce
Try to apply the config with the default values.
References
Same issue as: https://github.com/cloudflare/terraform-provider-cloudflare/issues/961 That wasn’t resolved, just closed, so not sure what the outcome was
This also looks similar https://github.com/cloudflare/terraform-provider-cloudflare/issues/533
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 20 (4 by maintainers)
I’m dealing with the exact same issue and my settings block is completely empty -
and I still get an error along the lines of
Error: invalid zone setting "mirage" (value: ) found - cannot be set as it is read onlyThis resource is basically unusable for me
Removing the resource from the state with
terraform state rm <resource>solves this as a workaroundI am also encountering this issue with
true_client_ip_header.Hi @patryk ,
I appreciate the work around, but this is definitely not a solution, as if it requires someone to manually intervene, it beats the purpose of automation and in no way it can be used in a CI/CD pipeline.
Regarding
The read only settings are not supposed to be put into config file.I will once again point towards my previous replies that even if I don’t include the config, it still doesn’t allow to apply and gives out the error.In any case, I’ll follow up with the support team on the ticket as this doesn’t seem to be treated as an issue. (have submitted the debug logs on the ticket)
I had the same issue with v3.20.0 and
terraform state rm <resource>indeed worked. I am still puzzled as to why this was happening. Re-read the entire conversation here as well as the documentation forcloudflare_zone_settings_overrideand still don’t get it. If this is not an issue in this provider, then where? Could someone who understands this summarize so that someone with mid-level experience (that is not expert) with Terraform and Cloudflare can understand. Much appreciated!Hi @hpapadopoulos, I believe I’ve found the root cause of your issue. Hint: you did nothing wrong with
image_resizing. This is also not the Terraform fault.The API is initially reporting that Image Resizing is “read only”, even though you are able to toggle it on in the UI. Once enabled, the API will begin reporting setting as “editable = true”. Terraform plugin respects this fields, that’s why it reports back error “the setting is read only” to the customer.
To unblock yourself, toggle the setting once manually in the UI (which apparently ignores the “editable” field). My apologies for the issue, but the API is owned by the different team from my own. The Support Team will make them aware of the issue.
Thanks for patience and sorry it took so long.