
cloudflare_access_identity_provider with AAD not accepting secrets #2513

Open
2 tasks done
charlesb87 opened this issue Jun 9, 2023 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log.

Comments

@charlesb87

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.0.10
on windows_amd64

  • provider registry.terraform.io/cloudflare/cloudflare v4.7.1

Affected resource(s)

  • cloudflare_access_identity_provider

Terraform configuration files

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 4.7"
    }
  }
}

provider "cloudflare" {

}

resource "cloudflare_access_identity_provider" "terminal_cloudflare_identity_provider_aad" {
  zone_id    = cloudflare_zone.terminal_default_zone.id
  name       = "CMA B5"
  type       = "azureAD"
  config {
    client_id            = var.terminal_aad_client_id
    client_secret        = var.terminal_aad_client_secret
    directory_id         = var.terminal_aad_tenant_id
    support_groups       = true
    token_url            = ""
    sign_request         = false
    centrify_account     = ""
    issuer_url           = ""
    okta_account         = ""
    centrify_app_id      = ""
    onelogin_account     = ""
    api_token            = ""
    apps_domain          = ""
    email_attribute_name = ""
    auth_url             = ""
    sso_target_url       = ""
    pkce_enabled         = false
    certs_url            = ""
  }
}

resource "cloudflare_zone" "terminal_default_zone" {
  account_id = var.account_id
  paused     = false
  plan       = "free"
  type       = "full"
  zone       = var.terminal_public_domain_name
}

variable "terminal_public_domain_name" {
  type        = string
  description = "The terminal DNS zone (e.g. terminalname.com) name which will be added to the account"
}

variable "account_id" {
  type        = string
  description = "Account ID of the terminal to manage the resources"
}

variable "terminal_aad_tenant_id" {
  type        = string
  description = "AAD tenant ID of the terminal"
}

variable "terminal_aad_client_secret" {
  type        = string
  description = "AAD Client secret of the app registration dedicated for Cloudflare"
}

variable "terminal_aad_client_id" {
  type        = string
  description = "AAD Client ID of the app registration dedicated for Cloudflare"
}

Link to debug output

https://gist.github.com/charlesb87/91337a21e78e4aee1872df355a526bd6

Panic output

No response

Expected output

Cloudflare identity provider for AAD created with secret

Actual output

Cloudflare identity provider for AAD not created, faulty output

Steps to reproduce

  1. terraform init
  2. terraform plan -out my.plan
  3. terraform apply my.plan

Additional factoids

No response

References

No response

@charlesb87 charlesb87 added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jun 9, 2023
@github-actions
Contributor

github-actions bot commented Jun 9, 2023

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. label Jun 9, 2023
@jacobbednarz
Member

thanks for the issue. are you able to do two things to diagnose this further:

  • run the reproduction case without any other resources. you have a bunch of other resources and these logs don't show the creation/modification of the resource you are raising an issue with here.
  • remove the unrelated attributes from cloudflare_access_identity_provider resource. you shouldn't be defining values (even empty ones) if you don't need to configure them.
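A reduced reproduction of the kind the maintainer asks for above, written here as an added example (it is not the reporter's updated files, which are only available behind the privatebin links, nor provider-project code). It keeps only the attributes an Azure AD identity provider actually needs, drops the `cloudflare_zone` resource by scoping the provider to the account instead of a zone (assumed acceptable for this report; the resource accepts `account_id` as an alternative to `zone_id`), and marks the client secret variable `sensitive = true` so the value is redacted from plan output and from the debug logs that get attached to issues like this one. Variable names are reused from the original report:

```hcl
# Added example: minimal reproduction with no unrelated resources or attributes.
terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 4.7"
    }
  }
}

provider "cloudflare" {}

variable "account_id" {
  type        = string
  description = "Cloudflare account that owns the Access identity provider"
}

variable "terminal_aad_tenant_id" {
  type        = string
  description = "AAD tenant (directory) ID"
}

variable "terminal_aad_client_id" {
  type        = string
  description = "AAD app registration client ID"
}

variable "terminal_aad_client_secret" {
  type        = string
  description = "AAD app registration client secret"
  # Redacted in plan/apply output and in TF_LOG debug output that is shared publicly.
  sensitive   = true
}

# Account-scoped instead of zone-scoped (assumption) so no cloudflare_zone resource is needed.
resource "cloudflare_access_identity_provider" "aad_min" {
  account_id = var.account_id
  name       = "CMA B5"
  type       = "azureAD"

  config {
    client_id      = var.terminal_aad_client_id
    client_secret  = var.terminal_aad_client_secret
    directory_id   = var.terminal_aad_tenant_id
    support_groups = true
    # No other config keys: unused attributes are omitted rather than set to "" or false.
  }
}
```

Running `terraform init`, `terraform plan -out my.plan` and `terraform apply my.plan` against only this file produces a debug log in which the identity-provider API call is the only resource activity, which is what makes the log useful for triage.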

@charlesb87
Author

charlesb87 commented Jun 19, 2023

Hey @jacobbednarz ,

While modifying the file as suggested, I didn't notice a different behaviour from the cloudflare terraform provider.

Updated files:
https://privatebin.charlesborcke.xyz/?9e694b16610bb77c#Aqt8kvdRtq3zWrD2TL23TZowKLLk1cFF2Umf9JpzagpS

Terraform plan debug output:
https://privatebin.charlesborcke.xyz/?6c57d0dc2986bb67#3LooqgBejoav9BfuvynnE4Cz8LqkAAmAsoPP24CFvjzp

@jacobbednarz
Member

is that after you've removed it from state and either recreated or imported it?

@charlesb87
Author

It's a fresh creation in fact.

@charlesb87
Author

One fun fact: it's working fine using the Linux terraform provider, but not on Windows.
