Add support to retrieve ruleset ids to successfully import custom cloudflare_ruleset #2804

Closed
jbmartino opened this issue Sep 28, 2023 · 5 comments
Labels
kind/support Categorizes issue or PR as related to user support.

Comments

@jbmartino

Current Terraform and Cloudflare provider version

Terraform v1.4.6
Cloudflare v4.15.0

Description

The following curl request only returns kind: managed/zone rulesets and never returns custom rulesets so it's impossible to get the ruleset id in order to import custom cloudflare_ruleset
curl --request GET \
  --url https://api.cloudflare.com/client/v4/accounts/zone_id/rulesets \
  --header 'Authorization: Bearer api_token' \
  --header 'Content-Type: application/json'

Use cases

Unless we are able to obtain ruleset ids for kind: custom cloudflare_ruleset we are unable to import existing custom rulesets into terraform.

Potential Terraform configuration

resource "cloudflare_ruleset" "videos" {
  account_id = local.account_id
  name       = "Videos"
  kind       = "custom"
  phase      = "http_request_firewall_custom"
  rules {
    action     = "log"
    expression = "(http.request.uri.path eq \"*.mov\" or http.request.uri.path eq \"*.mp4\")"
    enabled    = true
  }
}

References

https://github.com/cloudflare/terraform-provider-cloudflare/pull/2054/files this solves import for cloudflare_ruleset however it's currently not possible to retrieve ruleset ids for custom rulesets

@jbmartino jbmartino added kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Sep 28, 2023
@github-actions
Contributor

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@jacobbednarz
Member

jacobbednarz commented Sep 28, 2023

have you tried using the cloudflare_ruleset data source? https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/data-sources/rulesets#filter

that has worked for me in the past to get any rule type.

@jbmartino
Author

jbmartino commented Sep 29, 2023

@jacobbednarz Thanks for the suggestion. I created a few different data sources for various custom rules we have. They all return the same ruleset id and when I try to run a zone import for our cloudflare_ruleset.videos resource for example I get the following error:

| While attempting to import an existing object to "cloudflare_ruleset.videos", 
| the provider detected that no object exists with the given id. Only pre-existing objects
| can be imported; check that the id is correct and that it is associated 
| with the provider's configured region or endpoint, or use "terraform apply" 
| to create a new remote object for this resource.

After further digging maybe the issue lies in the fact that I'm trying to import custom "rules" rather than custom "rulesets"
https://developers.cloudflare.com/waf/custom-rules/
https://developers.cloudflare.com/waf/custom-rulesets/create-dashboard/

@jacobbednarz
Member

you don't import rules; you import the entire ruleset and the rules are a part of that.

@jacobbednarz jacobbednarz added triage/needs-information Indicates an issue needs more information in order to work on it. kind/support Categorizes issue or PR as related to user support. and removed kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. triage/needs-information Indicates an issue needs more information in order to work on it. labels Oct 11, 2023
@jacobbednarz
Member

closing this off as a misunderstanding of how the cloudflare_ruleset resource currently works. if you manage to find a bug or something missing, please open a new issue following the issue template.

@jacobbednarz jacobbednarz closed this as not planned Won't fix, can't repro, duplicate, stale Oct 11, 2023
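
Added example (not part of the original thread, and not the provider's own code): a Python sketch that takes the JSON body of a "list rulesets" call and derives the ID to pass to `terraform import` for the ruleset that holds the custom WAF rules. It assumes the provider's documented import ID form `<zone|account>/<scope_id>/<ruleset_id>` and that rules created under "custom rules" sit in a non-managed ruleset (for example `kind: zone`) in the `http_request_firewall_custom` phase; the response body and every ID below are constructed placeholders.

```python
import json

# Constructed sample of a "list rulesets" response body, e.g. from
# GET https://api.cloudflare.com/client/v4/zones/<zone_id>/rulesets
# All ids are made-up placeholders, not real ruleset ids.
SAMPLE_RESPONSE = json.dumps({
    "success": True,
    "errors": [],
    "result": [
        {"id": "1" * 32, "name": "Cloudflare Managed Ruleset",
         "kind": "managed", "phase": "http_request_firewall_managed"},
        {"id": "2" * 32, "name": "default",
         "kind": "zone", "phase": "http_request_firewall_custom"},
        {"id": "3" * 32, "name": "default",
         "kind": "zone", "phase": "http_ratelimit"},
    ],
})


def import_targets(body, scope, scope_id, phase,
                   kinds=("zone", "root", "custom")):
    """Return (kind, name, import_id) for each non-managed ruleset in `phase`.

    The import id is built for the ruleset as a whole; individual rule ids
    are never import targets, because rules are part of the ruleset.
    """
    if scope not in ("zone", "account"):
        raise ValueError("scope must be 'zone' or 'account'")
    doc = json.loads(body)
    if not doc.get("success"):
        # Surface API errors (bad token, wrong scope id) instead of
        # silently reporting "no rulesets found".
        raise RuntimeError(f"API call failed: {doc.get('errors')}")
    targets = []
    for rs in doc.get("result") or []:
        if rs.get("phase") == phase and rs.get("kind") in kinds:
            import_id = f"{scope}/{scope_id}/{rs['id']}"
            targets.append((rs["kind"], rs["name"], import_id))
    return targets


def import_commands(address, targets):
    """Render one `terraform import` command per candidate ruleset."""
    return [f"terraform import {address} {tid}" for _, _, tid in targets]


if __name__ == "__main__":
    found = import_targets(SAMPLE_RESPONSE, "zone", "<zone_id>",
                           "http_request_firewall_custom")
    print("\n".join(import_commands("cloudflare_ruleset.videos", found)))
```

The `kind` and scope in the Terraform resource have to match what the API reports for the ruleset being imported, otherwise the next plan will show a replacement rather than a clean import.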