Hello all. I'm trying to configure a tunnel using the terraform provider and am getting this error. I couldn't find any matches online, so trying to understand what's wrong here. Has anyone seen anything like this?
│ Error: error creating Access Application for zones "f86........": error from makeRequest: auth.key_not_in_claims (1007)

│ with cloudflare_zero_trust_access_application.devportal_tunnel,
│ on devportal.tf line 54, in resource "cloudflare_zero_trust_access_application" "devportal_tunnel":
│ 54: resource "cloudflare_zero_trust_access_application" "devportal_tunnel" {
4 Replies
msl (OP), 3mo ago
Here's what the request looks like. It includes the parameters domain and type that are required per the documentation.
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: POST /client/v4/zones/f86......../access/apps HTTP/1.1
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: Host: api.cloudflare.com
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: User-Agent: terraform-provider-cloudflare/4.42.0 terraform-plugin-sdk/2.34.0 terraform/1.8.3
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: Content-Length: 587
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: Authorization: Bearer [redacted]
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: Content-Type: application/json
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: Accept-Encoding: gzip
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0
2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: {"app_launcher_visible":true,"auto_redirect_to_identity":false,"domain":"devportal.mydomain.com/","enable_binding_cookie":false,"http_only_cookie_attribute":false,"name":"Access application for devportal_tunnel","private_address":"","self_hosted_domains":null,"service_auth_401_redirect":false,"session_duration":"24h","skip_interstitial":false,"options_preflight_bypass":false,"type":"self_hosted","landing_page_design":{"title":"","message":"","image_url":"","button_color":"","button_text_color":""},"app_launcher_logo_url":"","header_bg_color":"","bg_color":"","footer_links":null}
2024-10-10T21:44:26.612-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: 2024/10/10 21:44:26
2024-10-10T21:44:26.612-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0: HTTP/2.0 400 Bad Request
I've tried the 4.43 and 4.42 providers. The 5.0 returned some errors about having a bug that should be reported to the opentofu devs.
jb, 3mo ago
you need to have a look at forming cloudflare_zero_trust_access_application.devportal_tunnel correctly. auth.key_not_in_claims
msl (OP), 3mo ago
I'm pretty sure my config matches the documentation. I don't have anything crazy:
resource "cloudflare_zero_trust_access_application" "devportal_tunnel" {
  zone_id          = var.zone_id
  name             = "Access application for devportal_tunnel"
  domain           = "devportal.mydomain.com/"
  session_duration = "24h"
}
jb, 3mo ago
i'm not familiar enough with ZT to tell you either way 🙂 i'd recommend using the other support channels to see if someone knows what is the problem here. you can use the HTTP interactions to come up with a tech agnostic reproduction example.
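
A tool-agnostic reproduction of the kind suggested above can be built directly from the provider's debug log. The following is an added example, not part of the thread and not Cloudflare's code: it parses log lines in the shape quoted earlier and renders a curl command that reads the token from an environment variable instead of carrying it inline. The sample log is constructed, `ZONE_ID` is a placeholder, and the function names and the `CLOUDFLARE_API_TOKEN` variable name are assumptions.

```python
import json
import re
import shlex

# Constructed sample in the shape of the provider debug lines quoted in the thread;
# ZONE_ID is a placeholder and the JSON body is shortened.
P = "2024-10-10T21:44:26.140-0500 [DEBUG] provider.terraform-provider-cloudflare_v4.42.0"
SAMPLE_LOG = "\n".join([
    P + ": POST /client/v4/zones/ZONE_ID/access/apps HTTP/1.1",
    P + ": Host: api.cloudflare.com",
    P + ": Authorization: Bearer [redacted]",
    P + ": Content-Type: application/json",
    P,
    P + ': {"domain":"devportal.mydomain.com/","session_duration":"24h","type":"self_hosted"}',
    P + ": HTTP/2.0 400 Bad Request",
])
PREFIX = re.compile(r"^\S+ \[DEBUG\] provider\.\S+?(?:: (.*))?$")
REQUEST_LINE = re.compile(r"^(GET|POST|PUT|PATCH|DELETE) (\S+) HTTP/\d")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+ (\d{3})")
# Headers left out of the reproduction: credentials and client-specific noise.
DROP = {"authorization", "content-length", "accept-encoding", "user-agent", "host"}

def parse_exchange(log_text):
    """Return method, path, headers, JSON body and response status of one logged exchange."""
    ex = {"method": None, "path": None, "headers": {}, "body": None, "status": None}
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m or m.group(1) is None:  # not a provider line, or the blank separator
            continue
        line = m.group(1)
        if (r := REQUEST_LINE.match(line)):
            ex["method"], ex["path"] = r.group(1), r.group(2)
        elif (s := STATUS_LINE.match(line)):
            ex["status"] = int(s.group(1))
        elif line.startswith("{"):
            ex["body"] = json.loads(line)
        elif ": " in line:
            name, value = line.split(": ", 1)
            ex["headers"][name.lower()] = value
    return ex

def to_curl(ex, token_var="CLOUDFLARE_API_TOKEN"):
    """Render a shareable curl command; the token comes from an env var, never the log."""
    url = f"https://{ex['headers']['host']}{ex['path']}"
    parts = ["curl", "-sS", "-X", ex["method"], shlex.quote(url),
             "-H", f'"Authorization: Bearer ${token_var}"']
    for name, value in ex["headers"].items():
        if name not in DROP:
            parts += ["-H", shlex.quote(f"{name}: {value}")]
    parts += ["--data", shlex.quote(json.dumps(ex["body"], sort_keys=True))]
    return " ".join(parts)
```
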