Zero Trust Tunnels Terraform documentation is wrong is various ways

[gregbrant2]

Existing documentation URL(s)

• https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deployment-guides/terraform/

What changes are you suggesting?

The example for the cloudflare_zero_trust_tunnel_cloudflared_config has invalid syntax. I believe

resource "cloudflare_zero_trust_tunnel_cloudflared_config" "auto_tunnel" {
  tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.auto_tunnel.id
  account_id = var.cloudflare_account_id
  config {
   ingress_rule {
     hostname = "${cloudflare_record.http_app.hostname}"
     ...
     }
   }
   ingress_rule {
     service  = "http_status:404"
   }
  }
}

should be

resource "cloudflare_zero_trust_tunnel_cloudflared_config" "auto_tunnel" {
  tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.auto_tunnel.id
  account_id = var.cloudflare_account_id
  config = {
   ingress_rule =[ {
     hostname = "${cloudflare_record.http_app.hostname}"
     ...
   }, 
   ingress_rule = {
     service  = "http_status:404"
   }]
  }
}

As is, it gives the error

Error: Unsupported block type
│
│   on templates.tf line 200, in resource "cloudflare_zero_trust_tunnel_cloudflared_config" "auto_tunnel":
│  200:   config {
│
│ Blocks of type "config" are not expected here. Did you mean to define argument "config"? If so, use the equals sign to assign it a
│ value.

Your terraform documentation is littered with this kind of syntax error.

Once you fix this so the syntax is happy there is a further issue which I believe is a bug in the provider it's self whereby when you terraform apply the apply fails despite the terraform plan succeeding:

╷
│ Error: failed to make http request
│
│   with cloudflare_zero_trust_tunnel_cloudflared_config.gregbrant_com,
│   on templates.tf line 197, in resource "cloudflare_zero_trust_tunnel_cloudflared_config" "auto_tunnel":
│  197: resource "cloudflare_zero_trust_tunnel_cloudflared_config" "auto_tunnel" {
│
│ PUT
│ "https://api.cloudflare.com/client/v4/accounts/<acct_id>/cfd_tunnel/<tunnel_id>/configurations":
│ 400 Bad Request {"success":false,"errors":[{"code":1056,"message":"Bad Configuration: Validation failed: The config file doesn't
│ contain any ingress rules\n"}],"messages":[],"result":null}
╵

Additional information

Using v5.2.0

$ terraform version
Terraform v1.11.0
on linux_amd64
+ provider registry.terraform.io/ansible/ansible v1.3.0
+ provider registry.terraform.io/bpg/proxmox v0.73.2
+ provider registry.terraform.io/cloudflare/cloudflare v5.2.0
+ provider registry.terraform.io/hashicorp/local v2.5.2
+ provider registry.terraform.io/hashicorp/random v3.7.1

[gregbrant2]

Running apply with TF_LOG=TRACE I can see the config in the request body is empty

2025-03-22T12:16:07.547Z [DEBUG] provider.terraform-provider-cloudflare_v5.2.0:
PUT /client/v4/accounts/<account_id>/cfd_tunnel/{tunnel_id}/configurations HTTP/1.1
> authorization: [redacted]
> accept: application/json
> x-stainless-retry-count: 0
> x-stainless-arch: x64
> x-stainless-runtime: terraform-plugin-framework
> x-stainless-os: Linux
> x-stainless-package-version: 5.2.0
> x-stainless-runtime-version: 1.13.0
> content-type: application/json
> user-agent: terraform-provider-cloudflare/5.2.0 terraform-plugin-framework/1.13.0 terraform/1.11.0
> x-stainless-lang: Terraform
>

{"config":{},"source":"local"}

[ranbel]

Hi @gregbrant2, thanks for flagging this issue. The Tunnel Terraform doc was written for provider version 4, and we have an internal ticket (PCX-14105) to update the syntax to version 5.

Where else in the documentation are you finding syntax errors?

[gregbrant2]

Thanks for the response @ranbel. When is that ticket due to be addressed?

[ranbel]

We are actively working on Zero Trust Terraform documentation and will update this issue once we have a PR open. In the meantime, you can refer to the Terraform provider docs for syntax examples. To report bugs with the provider itself, please open an issue in https://github.com/cloudflare/terraform-provider-cloudflare/issues.

[ranbel]

PR: #21641