Reputation: 9
We are currently managing and creating Cloudflare rulesets and rules across multiple zones using Terraform. As you know, the rules in Cloudflare are order-sensitive. Whenever we generate a Terraform plan that includes changes—such as the deletion or addition of a new rule—it results in changes to the order of all existing rules. This is reflected in the Terraform plan, causing updates to all the rules, even when their actual content remains unchanged. We would like to inquire if there is a way to manage or specify the order of rules directly within the Terraform configuration. Specifically:
We are seeking a method to avoid unnecessary modifications to unrelated rules when making changes, as this can have implications for both deployment workflows and rule stability.
Upvotes: 0
Views: 77
Reputation: 3064
We encountered the same issue with Cloudflare Ruleset order, and for now, we’ve found only one possible solution: including a priority number in the name field of the ruleset and updating this number whenever you change the priority. For example, "1 Set HTTP Headers".
This approach works well for us, even though we have many rules. However, the rules don’t change very often.
In the documentation for rulesets, Cloudflare mentions: "Headers are order dependent and must be provided sorted alphabetically ascending based on the name value."
For other potential solutions, such as making additional API calls or using a specific field in the Terraform provider, you can check this thread on the Cloudflare provider GitHub:
"adding a priority field has been floated internally and at the moment, it is not feasible and won't be implemented due to the problems and unpredictable behaviour it has created (previously in the firewall rule resource and page rules). making the field optional wouldn't improve the situation either; it would likely make it worse as you could then have conflicting ordering of the ruleset rules."
It’s also important to mention that your Terraform logic shouldn’t change the ruleset order. We encountered this issue when rulesets were internally added to lists or maps.
Upvotes: 0
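A way to review such a plan before applying it, as an added example that is not from either post or from the Cloudflare provider: it reads `terraform show -json` output and separates rules that were really added or removed from rules that only shifted position. The function names, the `VOLATILE` field set and the sample plan are assumptions made for illustration, and each rule is assumed to have unique content.

```python
import hashlib
import json

# Assumption: provider-computed rule fields that can differ without a content change.
VOLATILE = {"id", "ref", "version", "last_updated"}

def fingerprint(rule):
    """Hash the rule's content, skipping computed fields and empty values."""
    stable = {k: v for k, v in rule.items()
              if k not in VOLATILE and v not in (None, "", [], {})}
    return hashlib.sha256(json.dumps(stable, sort_keys=True).encode()).hexdigest()

def classify(before_rules, after_rules):
    """Separate real changes from rules that merely shifted position."""
    before = [fingerprint(r) for r in before_rules]
    after = [fingerprint(r) for r in after_rules]
    names = {fingerprint(r): r.get("description", "?") for r in before_rules + after_rules}
    kept_before = [fp for fp in before if fp in after]
    kept_after = [fp for fp in after if fp in before]
    return {
        "added": [names[fp] for fp in after if fp not in before],
        "removed": [names[fp] for fp in before if fp not in after],
        "shifted": [names[fp] for fp in kept_after if before.index(fp) != after.index(fp)],
        # True only when surviving rules changed order relative to each other.
        "reordered": kept_before != kept_after,
    }

def review_plan(plan):
    """Classify every cloudflare_ruleset change in `terraform show -json` output."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") == "cloudflare_ruleset":
            change = rc.get("change", {})
            before = (change.get("before") or {}).get("rules") or []
            after = (change.get("after") or {}).get("rules") or []
            report[rc["address"]] = classify(before, after)
    return report

# Constructed sample: the first rule is deleted, so the other two move up one slot.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "cloudflare_ruleset.headers", "type": "cloudflare_ruleset",
    "change": {"actions": ["update"], "before": {"rules": [
        {"id": "a1", "description": "1 Set HTTP Headers", "expression": "true", "action": "rewrite"},
        {"id": "b2", "description": "2 Block test IP", "expression": "ip.src eq 192.0.2.10", "action": "block"},
        {"id": "c3", "description": "3 Log admin", "expression": 'http.request.uri.path eq "/admin"', "action": "log"}]},
        "after": {"rules": [
            {"description": "2 Block test IP", "expression": "ip.src eq 192.0.2.10", "action": "block"},
            {"description": "3 Log admin", "expression": 'http.request.uri.path eq "/admin"', "action": "log"}]}}}]}

print(json.dumps(review_plan(SAMPLE_PLAN), indent=2))
```

A rule whose content was edited shows up as one `removed` entry plus one `added` entry, so a plan with empty `added` and `removed` lists and `reordered` false is positional noise only.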