rak3rman · April 10, 2025 02:13 · Apr 10, 2025
diff --git a/tf.log b/tf.log
@@ -0,0 +1,130 @@
+Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
+  # cloudflare_zero_trust_access_application.ssh_app will be created
+  + resource "cloudflare_zero_trust_access_application" "ssh_app" {
+      + account_id                   = "<REDACTED>"
+      + app_launcher_visible         = true
+      + aud                          = (known after apply)
+      + auto_redirect_to_identity    = false
+      + cors_headers                 = (known after apply)
+      + created_at                   = (known after apply)
+      + destinations                 = (known after apply)
+      + enable_binding_cookie        = false
+      + footer_links                 = (known after apply)
+      + http_only_cookie_attribute   = true
+      + id                           = (known after apply)
+      + landing_page_design          = (known after apply)
+      + name                         = "SSH Access Test"
+      + path_cookie_attribute        = false
+      + policies                     = [
+          + {
+              + connection_rules = {
+                  + ssh = {
+                      + usernames = [
+                          + "root",
+                        ]
+                    }
+                }
+              + decision         = "allow"
+              + exclude          = (known after apply)
+              + id               = (known after apply)
+              + include          = (known after apply)
+              + precedence       = 1
+              + require          = (known after apply)
+            },
+        ]
+      + saas_app                     = (known after apply)
+      + scim_config                  = (known after apply)
+      + session_duration             = "24h"
+      + skip_app_launcher_login_page = false
+      + target_criteria              = [
+          + {
+              + port              = 22
+              + protocol          = "SSH"
+              + target_attributes = {
+                  + "hostname" = [
+                      + "test-server",
+                    ]
+                }
+            },
+        ]
+      + type                         = "infrastructure"
+      + updated_at                   = (known after apply)
+    }
+
+  # cloudflare_zero_trust_access_infrastructure_target.test_server will be created
+  + resource "cloudflare_zero_trust_access_infrastructure_target" "test_server" {
+      + account_id  = "<REDACTED>"
+      + created_at  = (known after apply)
+      + hostname    = "test-server"
+      + id          = (known after apply)
+      + ip          = {
+          + ipv4 = {
+              + ip_addr = "10.0.0.1"
+            }
+        }
+      + modified_at = (known after apply)
+    }
+
+  # cloudflare_zero_trust_access_policy.test_policy will be created
+  + resource "cloudflare_zero_trust_access_policy" "test_policy" {
+      + account_id       = "<REDACTED>"
+      + app_count        = (known after apply)
+      + approval_groups  = (known after apply)
+      + created_at       = (known after apply)
+      + decision         = "allow"
+      + exclude          = (known after apply)
+      + id               = (known after apply)
+      + include          = [
+          + {
+              + email = {
+                  + email = "[email protected]"
+                }
+            },
+        ]
+      + name             = "Allow engineers"
+      + require          = (known after apply)
+      + reusable         = (known after apply)
+      + session_duration = "24h"
+      + updated_at       = (known after apply)
+    }
+
+Plan: 3 to add, 0 to change, 0 to destroy.
+
+Do you want to perform these actions?
+  Terraform will perform the actions described above.
+  Only 'yes' will be accepted to approve.
+
+  Enter a value: yes
+
+cloudflare_zero_trust_access_infrastructure_target.test_server: Creating...
+cloudflare_zero_trust_access_policy.test_policy: Creating...
+cloudflare_zero_trust_access_infrastructure_target.test_server: Creation complete after 0s [id=01961d70-e485-73ea-8f52-855d7e708e35]
+cloudflare_zero_trust_access_policy.test_policy: Creation complete after 0s [id=e3f46e7f-9fca-43ea-bd58-fc8043dc3fa4]
+cloudflare_zero_trust_access_application.ssh_app: Creating...
+╷
+│ Error: failed to make http request
+│ 
+│   with cloudflare_zero_trust_access_application.ssh_app,
+│   on main.tf line 29, in resource "cloudflare_zero_trust_access_application" "ssh_app":
+│   29: resource "cloudflare_zero_trust_access_application" "ssh_app" {
+│ 
+│ POST "https://api.cloudflare.com/client/v4/accounts/<REDACTED>/access/apps": 400 Bad Request {
+│   "result": null,
+│   "success": false,
+│   "errors": [
+│     {
+│       "code": 12130,
+│       "message": "access.api.error.invalid_request: invalid policy at index 0",
+│       "error_chain": [
+│         {
+│           "message": "infrastructure apps do not support session duration"
+│         }
+│       ]
+│     }
+│   ],
+│   "messages": []
+│ }