Maheedhar Tumpudi

Reputation: 9

Terraform plan gen showing changes to all existing records with cloudflare provider version >=4.41.0

This issue is observed only with Terraform Cloudflare provider versions >= 4.41.0. It was working fine while we were using Cloudflare provider version 4.40.0.

terraform version: 1.9.8
cloudflare provider version: 4.46.0

Affected resource(s): cloudflare_record

module "cusip-com-cname-record" {
  source        = "git::https://github.<org>.com/neteng/dns-modules.git//cloudflare//cname-record"
  email-address = data.aws_ssm_parameter.email-address.value
  api-key       = data.aws_ssm_parameter.api-key.value

  # One entry per CNAME record, keyed by "<zone>/<index>/<name>"
  cname-records = {
    "cusip.com/1/test1._domainkey" = {
      zone-id = local.cusip-com
      name    = "test1._domainkey"
      value   = "target1.amazonses.com"
      ttl     = 600
    }
    "cusip.com/1/test2._domainkey" = {
      zone-id = local.cusip-com
      name    = "test2._domainkey"
      value   = "target2.amazonses.com"
      ttl     = 600
    }
  }
}

Terraform init output

Initializing modules...
Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...

Finding latest version of hashicorp/aws...
Finding latest version of cloudflare/cloudflare...
Installing hashicorp/aws v5.76.0...
Installed hashicorp/aws v5.76.0 (signed by HashiCorp)
Installing cloudflare/cloudflare v4.46.0...
Installed cloudflare/cloudflare v4.46.0 (self-signed, key ID )
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

Expected output

As these records already exist, I expect terraform plan to give: No changes. Your infrastructure matches the configuration.

Actual output

Though there are no changes to the configurations in the .tf files, the terraform plan gen is still showing changes as below:

module.cusip-com-cname-record.cloudflare_record.cname-record["cusip.com/1/test1._domainkey"] will be updated in-place
~ resource "cloudflare_record" "cname-record" {
 id = ""
 name = "test1._domainkey"
 tags = []
 + value = "target1.amazonses.com"
 # (10 unchanged attributes hidden)
}

module.cusip-com-cname-record.cloudflare_record.cname-record["cusip.com/1/test2._domainkey"] will be updated in-place
~ resource "cloudflare_record" "cname-record" {
  id = ""
  name = "test2._domainkey"
  tags = []
+ value = "target2.amazonses.com"
# (10 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.


Upvotes: 0

Views: 61

Answers (1)

nmishin

Reputation: 3064

I see a lot of changes to resource "cloudflare_record" in the changelog for provider versions 4.42.0, 4.41.0 and 4.39.0.

Also, I see that terraform doesn't try to delete anything - only adds the value field. I suggest testing it in your own configuration, perhaps with a couple of records, and observing the results.

Upvotes: 0
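One way to carry out the test suggested in the answer above, as an added example that is not part of the original question or answer: export the plan with `terraform plan -out=plan.out` and `terraform show -json plan.out`, then separate `cloudflare_record` updates that only add `value` (the pattern in the question) from updates that would actually change a record. The function names, the embedded sample and its second, retargeted record are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`,
# reduced to the fields used here; the first entry mirrors the plan in the question.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": 'module.cusip-com-cname-record.cloudflare_record.cname-record["cusip.com/1/test1._domainkey"]',
         "type": "cloudflare_record",
         "change": {"actions": ["update"],
                    "before": {"name": "test1._domainkey", "ttl": 600, "value": None},
                    "after": {"name": "test1._domainkey", "ttl": 600, "value": "target1.amazonses.com"}}},
        {"address": "cloudflare_record.constructed_retarget",
         "type": "cloudflare_record",
         "change": {"actions": ["update"],
                    "before": {"name": "www", "ttl": 600, "value": "old.example.net"},
                    "after": {"name": "www", "ttl": 600, "value": "new.example.net"}}},
    ]
})


def changed_keys(before, after):
    """Attribute names whose planned value differs from the recorded one."""
    before, after = before or {}, after or {}
    return sorted(k for k in before.keys() | after.keys() if before.get(k) != after.get(k))


def classify(plan_json):
    """Map each cloudflare_record address with planned actions to a review label."""
    report = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if rc.get("type") != "cloudflare_record" or actions == ["no-op"]:
            continue
        before = change.get("before") or {}
        keys = changed_keys(before, change.get("after"))
        # The pattern from the question: an in-place update whose only diff is
        # `value` going from unset to a string, nothing removed or retargeted.
        if actions == ["update"] and keys == ["value"] and before.get("value") is None:
            report[rc["address"]] = "value-added-only"
        else:
            report[rc["address"]] = "review: " + ",".join(actions) + " " + ",".join(keys)
    return report


if __name__ == "__main__":
    for address, label in classify(SAMPLE_PLAN).items():
        print(label, address)
```

Attributes that are only known after apply are omitted from `after` in the plan JSON, so a record carrying them is reported for review rather than as `value-added-only`.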
