Cloudflare_ruleset - http_ratelimit - mitigation_timeout missing

[Jguzmanr07]

Confirmation

• This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
• I have searched the issue tracker and my issue isn't already found.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

cloudflare/cloudflare v4.30.0

Affected resource(s)

cloudflare_ruleset

Terraform configuration files

resource "cloudflare_ruleset" "rate_limit_prod" {
    count       = local.env == "prod" ? 1 : 0
    zone_id     = var.cloudflare_zone_id[local.env]
    name        = "restrict API requests count"
    description = "apply HTTP rate limiting for a route"
    kind        = "zone"
    phase       = "http_ratelimit"

    rules {
            action      = "block"
            description = "login_wallet_prod"
            enabled     = true
            ratelimit {
                characteristics     = ["cf.colo.id","ip.src"]
                period              = 60
                requests_per_period = 100
                requests_to_origin  = false
                mitigation_timeout  = 0
                }
            expression  = "(http.host eq \"api.${var.pattern_id[local.env]}\" and http.request.uri.path eq \"/login/test\")"
    }
}

Link to debug output

Panic output

2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: Set-Cookie: __cf_bm=OOHdZ53kGSlCt.pi3OoetyyQn0KOHNeHGxMoRAAeoO4-1725945044-1.0.1.1-X4w4Qo_kJH09KFhynp76mNmq9clNPzxqQHrhVTbQpBByPX8MuqCJQ6foP7r_76z3pRIY5hsomr8xljt9JjCsEw; path=/; expires=Tue, 10-Sep-24 05:40:44 GMT; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: Set-Cookie: __cfruid=bc873ca3ecd759c1964781e6fd83b976f12ddb3c-1725945044; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: Vary: Accept-Encoding
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: X-Version: 10272-dde978c4a65c
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: {
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "result": null,
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "success": false,
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "errors": [
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: {
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "code": 20156,
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "message": "field must be provided",
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "source": {
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "pointer": "/rules/0/ratelimit/mitigation_timeout"
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: }
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: }
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: ],
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: "messages": null
2024-09-10T05:10:44.931Z [DEBUG] provider.terraform-provider-cloudflare_v4.30.0: }
2024-09-10T05:10:44.954Z [ERROR] provider.terraform-provider-cloudflare_v4.30.0: Response contains error diagnostic: diagnostic_severity=ERROR tf_provider_addr=registry.terraform.io/cloudflare/cloudflare tf_req_id=034fa5c2-5759-bad5-4902-3e9401337467 tf_resource_type=cloudflare_ruleset @module=sdk.proto diagnostic_detail="field must be provided (20156)" diagnostic_summary="error updating ruleset with ID "89ac390c6eae4807a368afd1ad187d92"" tf_proto_version=6.4 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/tfprotov6/internal/diag/diagnostics.go:62 timestamp=2024-09-10T05:10:44.954Z
2024-09-10T05:10:44.956Z [DEBUG] State storage *remote.State declined to persist a state snapshot
2024-09-10T05:10:44.957Z [ERROR] vertex "cloudflare_ruleset.rate_limit_payvalida_dev[0]" error: error updating ruleset with ID "89ac390c6eae4807a368afd1ad187d92"
2024-09-10T05:10:44.957Z [DEBUG] states/remote: state read serial is: 10; serial is: 10
2024-09-10T05:10:44.957Z [DEBUG] states/remote: state read lineage is: b4fc830f-9ee6-cbf8-90fb-84df8258ed88; lineage is: b4fc830f-9ee6-cbf8-90fb-84df8258ed88

Error: error updating ruleset with ID "89ac390c6eae4807a368afd1ad187d92"

with cloudflare_ruleset.rate_limit_payvalida_dev[0],
on wafRateLimitRulesDev.tf line 3, in resource "cloudflare_ruleset" "rate_limit_payvalida_dev":
3: resource "cloudflare_ruleset" "rate_limit_payvalida_dev" {

field must be provided (20156)

Expected output

no error

https://developers.cloudflare.com/waf/rate-limiting-rules/parameters/#for-duration

I am setting mitigation_timeout=0 for a rule="block"

Actual output

terraform apply reported error

Steps to reproduce

Update to v4.30.0
Add cloudflare_ruleset for http_ratelimit with managed_challenge
No mitigation_timeout needed for block in v4.30.0

Additional factoids

No response

References

https://developers.cloudflare.com/waf/rate-limiting-rules/parameters/#for-duration

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[github-actions]

Marking this issue as stale due to 30 days of inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed. Maintainers can also remove the lifecycle/stale label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions]

This issue was closed because it has been stalled for 7 days with no activity.