cloudflare_load_balancer_pool origin header override inconsistent result after apply #4828

Closed
3 tasks done
steve-hb opened this issue Jan 3, 2025 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log.

steve-hb commented Jan 3, 2025

Confirmation

  • This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
  • I have searched the issue tracker and my issue isn't already found.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.10.3
on darwin_arm64

  • provider registry.terraform.io/cloudflare/cloudflare v5.0.0-alpha1

Latest as of writing this

Affected resource(s)

cloudflare_load_balancer_pool#origins

Terraform configuration files

terraform {
  required_version = ">= v1.10.3"

  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "5.0.0-alpha1"
    }
  }
}

locals {
  random_string = "2432425254235"

  domain       = "test.<my-domain>"
  base_domain  = "<my-domain>"
  ipv6_address = "<valid-ipv6>"
}

variable "cloudflare_api_token" {
  type      = string
  default   = "<my-api-token>"
  sensitive = true
}

variable "cloudflare_account_id" {
  type      = string
  default   = "<my-account-id>"
  sensitive = true
}

provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

resource "cloudflare_load_balancer_monitor" "monitor" {
  description    = "Health check for monitoring cluster nodes"
  type           = "http"
  port           = 80
  method         = "GET"
  path           = "/api/health"
  expected_codes = "200"
  interval       = 60
  allow_insecure = true # TODO: Remove this

  account_id = var.cloudflare_account_id
}

resource "cloudflare_load_balancer_pool" "pool" {
  name    = "monitoring-cluster-pool-${local.random_string}"
  monitor = cloudflare_load_balancer_monitor.monitor.id

  origins = [{
    name    = "node"
    address = local.ipv6_address
    header = {
      header = "Host"
      values = [local.ipv6_address] # actually uses a domain name in my scripts
    } # TODO: The Cloudflare provider currently seems to be buggy about this
    enabled = true
    weight  = 1
  }]

  account_id = var.cloudflare_account_id
}

data "cloudflare_zone" "domain" {
  filter = {
    name = local.base_domain
  }
}

resource "cloudflare_dns_record" "monitoring_nodes" {
  zone_id = data.cloudflare_zone.domain.id
  name    = "node"
  content = local.ipv6_address
  type    = "AAAA"
  proxied = false
  ttl     = 60
}

resource "cloudflare_load_balancer" "lb" {
  zone_id          = data.cloudflare_zone.domain.id
  name             = "${local.domain}"
  default_pools    = [cloudflare_load_balancer_pool.pool.id]
  fallback_pool    = cloudflare_load_balancer_pool.pool.id
  enabled          = true
  proxied          = true
  session_affinity = "cookie"

  depends_on = [cloudflare_load_balancer_pool.pool]
}

Link to debug output

https://gist.github.com/steve-hb/1caac160b9937d079027ab7ef6fb9165

Panic output

No response

Expected output

It should create a LoadBalancer with the origin headers overridden for each origin.

Actual output

The provider fails due to an inconsistent result.

Steps to reproduce

Add your api_token and account_id and finally apply the file.

Additional factoids

I tried multiple ways of defining the headers from different sources I found: one (the one I provided) directly set an object, others defined it as an array of objects (makes sense):

header = [{
  header = "Host"
  values = [local.ipv6_address] # actually uses a domain name in my scripts
}]

The direct object approach nevertheless is imo consistent with this destroy output when using the officially documented way of defining an array:

Error: Incorrect attribute value type
│ 
│   on main.tf line 55, in resource "cloudflare_load_balancer_pool" "pool":
│   55:   origins = [{
│   56:       name    = "node"
│   57:       address = local.ipv6_address
│   58:       header  = [
│   59:         {
│   60:             header = "Host"
│   61:             values = [local.ipv6_address]
│   62:         }
│   63:       ] # TODO: The Cloudflare provider currently seems to be buggy about this
│   64:       enabled = true
│   65:       weight  = 1
│   66:   }]
│     ├────────────────│ 
│ Inappropriate value for attribute "origins": element 0: attribute "header": object required.

The result (failure) stays the same no matter how I configure it.

Setting the Header override manually in the Cloudflare dashboard works fine and as expected.

References

https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/load_balancer_pool#example-usage shows how to use it

@steve-hb steve-hb added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 3, 2025
Contributor

github-actions bot commented Jan 3, 2025

Terraform debug log detected ✅

@github-actions github-actions bot added the triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. label Jan 3, 2025
Contributor

github-actions bot commented Jan 3, 2025

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@jacobbednarz
Member

5.0.0-alpha1 has known issues and will be addressed in later releases. We're not accepting new bugs at this point as the upcoming releases dramatically improve the situation. You can try a custom build on the next branch if you want to see if this is already addressed.

@jacobbednarz jacobbednarz closed this as not planned Won't fix, can't repro, duplicate, stale Jan 5, 2025