How do I create a Hostname origin_tls_client_auth via the Terraform provider?

Hello, I am using the 5.8.2 Terrafrom provider to set up Authenticated Origin Pull for a specific hostname. From what I can tell, the

cloudflare_authenticated_origin_pulls_certificate

cloudflare_authenticated_origin_pulls_certificate

object no longer supports type. This means that all certs created are for the zone and not for the host.

Pulling the zone certs

curl https://api.cloudflare.com/client/v4/zones/{ZoneID}/origin_tls_client_auth \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2502    0  2502    0     0   5153      0 --:--:-- --:--:-- --:--:--  5158
{
  "success": true,
  "result": [
    {
      "id": "{ID}",
      "status": "active",
      {CERT INFO}
    }
}

curl https://api.cloudflare.com/client/v4/zones/{ZoneID}/origin_tls_client_auth \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2502    0  2502    0     0   5153      0 --:--:-- --:--:-- --:--:--  5158
{
  "success": true,
  "result": [
    {
      "id": "{ID}",
      "status": "active",
      {CERT INFO}
    }
}

Pull the hostname certs. Since I am implementing hostname-based AOP, I need a cert list at this endpoint.

 curl https://api.cloudflare.com/client/v4/zones/{zone id}/origin_tls_client_auth/hostnames/certificates \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   119    0   119    0     0    374      0 --:--:-- --:--:-- --:--:--   375
{
  "success": true,
  "errors": [],
  "messages": [],
  "result": [],
}

 curl https://api.cloudflare.com/client/v4/zones/{zone id}/origin_tls_client_auth/hostnames/certificates \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   119    0   119    0     0    374      0 --:--:-- --:--:-- --:--:--   375
{
  "success": true,
  "errors": [],
  "messages": [],
  "result": [],
}

TF object in question: https://registry.terraform.io/providers/cloudflare/cloudflare/5.8.2/docs/resources/authenticated_origin_pulls_certificate

In the 4.x version of the provider, there was a notion of type. It seems like this was missed when moving to 5.x

type (String) The form of Authenticated Origin Pulls to upload the certificate to. Available values: per-zone, per-hostname. Modifying this attribute will force creation of a new resource.

type (String) The form of Authenticated Origin Pulls to upload the certificate to. Available values: per-zone, per-hostname. Modifying this attribute will force creation of a new resource.

What do I need to do to have the 5.x version work with hostname-based AOP?

Terraform Registry

How do I create a Hostname origin_tls_client_auth via the Terraform provider?

Hello, I am using the 5.8.2 Terrafrom provider to set up Authenticated Origin Pull for a specific hostname. From what I can tell, the

cloudflare_authenticated_origin_pulls_certificate

cloudflare_authenticated_origin_pulls_certificate

object no longer supports type. This means that all certs created are for the zone and not for the host.

Pulling the zone certs

curl https://api.cloudflare.com/client/v4/zones/{ZoneID}/origin_tls_client_auth \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2502    0  2502    0     0   5153      0 --:--:-- --:--:-- --:--:--  5158
{
  "success": true,
  "result": [
    {
      "id": "{ID}",
      "status": "active",
      {CERT INFO}
    }
}

curl https://api.cloudflare.com/client/v4/zones/{ZoneID}/origin_tls_client_auth \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2502    0  2502    0     0   5153      0 --:--:-- --:--:-- --:--:--  5158
{
  "success": true,
  "result": [
    {
      "id": "{ID}",
      "status": "active",
      {CERT INFO}
    }
}

Pull the hostname certs. Since I am implementing hostname-based AOP, I need a cert list at this endpoint.

 curl https://api.cloudflare.com/client/v4/zones/{zone id}/origin_tls_client_auth/hostnames/certificates \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   119    0   119    0     0    374      0 --:--:-- --:--:-- --:--:--   375
{
  "success": true,
  "errors": [],
  "messages": [],
  "result": [],
}

 curl https://api.cloudflare.com/client/v4/zones/{zone id}/origin_tls_client_auth/hostnames/certificates \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   119    0   119    0     0    374      0 --:--:-- --:--:-- --:--:--   375
{
  "success": true,
  "errors": [],
  "messages": [],
  "result": [],
}

type (String) The form of Authenticated Origin Pulls to upload the certificate to. Available values: per-zone, per-hostname. Modifying this attribute will force creation of a new resource.

type (String) The form of Authenticated Origin Pulls to upload the certificate to. Available values: per-zone, per-hostname. Modifying this attribute will force creation of a new resource.

What do I need to do to have the 5.x version work with hostname-based AOP?

Terraform Registry

How do I create a Hostname origin_tls_client_auth via the Terraform provider?

How do I create a Hostname origin_tls_client_auth via the Terraform provider?

Similar Threads

Similar Threads

Similar Threads