ste_3
September 26, 2023, 8:32pm
1
Hi all, not sure API is the right category but I can’t find anything specific.
Has anyone had any luck enabling bot fight mode in a zone via terraform?
https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/bot_management#fight_mode
docs all point to this being OK and no errors - and the plan and apply succeeds - but it never enables and when I replan it tells me it needs enabling (which - of course - fails to do anything again).
resource "cloudflare_bot_management" "example" {
zone_id = var.cloudflare_zone_id
fight_mode = true
enable_js = true
##non-free
#sbfm_definitely_automated = "block"
#sbfm_likely_automated = "managed_challenge"
#sbfm_verified_bots = "allow"
#sbfm_static_resource_protection = false
#optimize_wordpress = true
}
Can you share the output of your apply command with debug enabled. TF_LOG=debug <your apply command>.GitHub repository
ste_3
September 27, 2023, 3:18pm
5
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: GET /client/v4/zones/__zoneid__/bot_management HTTP/1.1
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Host: api.cloudflare.com
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: User-Agent: terraform/1.5.5 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/4.15.0
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Authorization: Bearer [redacted]
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Cloudflare-Version: 2.0.0
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Content-Type: application/json
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Accept-Encoding: gzip
2023-09-27T16:11:54.325+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0:
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: 2023/09/27 16:11:54
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: HTTP/2.0 200 OK
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Cf-Cache-Status: DYNAMIC
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Cf-Ray: __CF-ray__
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Content-Type: application/json; charset=UTF-8
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Date: Wed, 27 Sep 2023 15:12:02 GMT
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Server: cloudflare
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Set-Cookie: __cflb=__cf_lb__; SameSite=Lax; path=/; expires=Wed, 27-Sep-23 17:42:03 GMT; HttpOnly
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Set-Cookie: __cfruid=__cfruid__; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: Vary: Origin, Accept-Encoding
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: X-Envoy-Upstream-Service-Time: 23
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0:
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: {
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: "result": {
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: "enable_js": true,
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: "fight_mode": false,
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: "using_latest_model": true
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: },
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: "success": true,
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: "errors": [],
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: "messages": []
2023-09-27T16:11:54.960+0100 [DEBUG] provider.terraform-provider-cloudflare_v4.15.0: }
2023-09-27T16:11:54.961+0100 [WARN] Provider "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" produced an unexpected new value for cloudflare_bot_management.example, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .fight_mode: was cty.True, but now cty.False
Looks helpful, but - no clearer why its happening to me?
What’s odd is that is a GET request which only pulls the information. There should be either a POST, PUT or PATCH there to update the value.
ste_3
September 28, 2023, 7:29am
7
Sorry, I was in a rush yesterday, and also am this morning - just heading out.
You’re right - there is a PUT but even for this planned change:
# cloudflare_bot_management.example will be updated in-place
~ resource "cloudflare_bot_management" "example" {
~ fight_mode = false -> true
id = "................"
# (3 unchanged attributes hidden)
}
It’s putting “enable_js” in the json instead
I’ll try a more structured test tomorrow evening when I’m not in a hurry - but that seems to be the issue.
ste_3
November 26, 2023, 12:44pm
8
For anyone stumbling across this, I didn’t manage to get back to it in time, but looks like its been fixed separately. I updated the provider and today it’s worked.
Thinking maybe I was going mad decided to do some digging and the fix commit was here:https://github.com/cloudflare/terraform-provider-cloudflare/pull/2833/commits/0bf5ef385606dfd4e80d804de9ceb99466061a96
Thanks for your help on this @Cyb3r-Jak3