I'm assuming for pages project it's not possible to use direct uploads? Only shows git stuff here

You should be able to managed direct upload projects via terraform. You can’t do a direct upload deployment via terraform though. That part has to be done externally

Ah I see interesting

There is a feature request to support direct uploads via terraform but that’s likely not going to happen as it would require the direct upload api being publicly documented

The workers one actually uploads the file though I assume since it has a content input?

Yeah workers has a documented way to upload code

Does the TF Provider currently have support for "Custom Nameservers" on zones? Im looking through the docs and feel dense; i don't see anything

I believe it is “vanity_nameservers” under the zone resource

That is read-only according to the documentation

Oh it is. Then I don't think it is possible to set with terraform. You should make an feature request on the repo for it

If it turns out to be something we need, I'll make a PR for the feature

Hey, did Hashicorp ever come back with anything useful or should I just assume the cloudflare provider won't be available from the hashicorp releases going forward?

Is there any way to enable

workers.dev

subdomains for

cloudflare_worker_script

resources in the Terraform provider? After a lot of investigating it seems that it is not possible and I'd have to have throw something else together with the

wrangler

CLI somehow, but I just want confirm first

I don't believe there is a way with terraform. As far as I am aware the API for enabling/disabling the

workers.dev

route is not documented.

Okay, thanks. I'll just have to hack it with a Terraform

external

provider like I thought then 😓

Yeah wrangler and terraform don't play nice because they both want to be the source of truth

Yeah... Fingers crossed this will mostly work 😩

Does anyone have example code for using the cloudflare_rulesets data source for querying for an OWASP ruleset category? I am trying to replace

categories {
          category = "attack-injection-php"
          enabled = false
        }

With a "skip" rule that does the same thing. I can create a rule where I list all the current "attack-injection-php" rules but that won't help me pick up any new rules that get added with that tag.

none that come to mind but you could try looking at https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/internal/framework/service/rulesets/resource_test.go and searching for "skip"

howdy everybody! I was wondering if there was a roadmap for the provider? I'm looking to switch to terraform to deploy workers (using pulumi) but I'd need a way to specify the

usage_model

on worker scripts; and then looking further out, the ability to declare durable objects

There is an open issue on the terraform provider to add usage model (https://github.com/cloudflare/terraform-provider-cloudflare/issues/1205) however, durable objects would need to have a documented API before the process of adding it to the provider could be started.

Personally, for workers I would stick to wrangler and both wrangler and terraform will complete to be the source of truth

subscribed, thanks 🙂 I'm building a tool that generates a terraform stack dynamically in prod, so there's no opportunity in this pipeline to use a CLI (incl wrangler) I suppose I could wrap the wrangler CLI with an automation layer, and then build a custom terraform integration with the wrapper... but then I wonder if this is how the terraform provider should be built by default, given that "use wrangler to deploy" seems to be the officially-sanctioned guidance?

wrangler is deeper integrated with the JS ecosystem and has things like bundling and service binding declarations in the wrangler config. terraform takes a deeper approach by maintaining the entire lifecycle of the resource. they are two different tools really.

i.e. terraform doesn't have an inbuilt way of minifying and bundling. you need to do that yourself.

that's all good... I'd prefer to do a JS build outside of the deploy process so I can have finer control over the bundling/minifying/etc tooling (I also need to do this because I'm doing some crazy things with in-memory only modules via an esbuild plugin). I then create a bundle in memory and use pulumi to deploy it to cloudflare

it's working very well so I've been able to avoid wrangler CLI so far, except in 1 instance I did need a very small durable object so I used wrangler to deploy a new service + DO, and then I can access it from my terraform-managed resources via a service bindings (as terraform does not yet support DO bindings). I think this approach is adding a bit of latency because of the additional service-service hop, but that's okay for now

fwiw, i use terraform in the same way. everything else is done outside of terraform and then the deploy process just picks up the file contents with any bindings, etc defined

Hi! I am trying to use cf-terraforming to generate some basics and no matter what i choose i get

FATA[0000] --account and --zone are mutually exclusive, support for both is deprecated

I've tried both with a token that has read on all resources and also the global key and email. Tried basics as shown in the wiki like

generate --zone ZONE_ID --resource-type "cloudflare_record"

and things that need the --account to no avail. Im not using zone and account together either so not sure why the error?