cloudflare_account_member results in "Error: Provider returned invalid result object after apply" for existing resources #6347

@stephenbuckley-wpp

Confirmation

  • This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
  • I have searched the issue tracker and my issue isn't already found.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

v5.11.0

plugin=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/5.11.0/linux_amd64/terraform-provider-cloudflare_v5.11.0 id=119

Affected resource(s)

cloudflare_account_member

Terraform configuration files

resource "cloudflare_account_member" "example_account_member" {
  account_id = var.account_id
  email      = "user@example.com"
  policies = [{
    access = "allow"
    permission_groups = [{
      id = "a5e5061418ea445fbba04aac57f359a8" # domain administrator
    }]
    resource_groups = [
      { id = "11111111111111111111111111111111"}, # exampleRG1 present when member created
      { id = "22222222222222222222222222222222"}  # exampleRG2 added later
    ]
  }]
  status = "accepted"
}

Link to debug output

https://gist.github.com/stephenbuckley-wpp/a68f3d8b856d6792a382413df16b7e9b

Panic output

n/a

Expected output

no error, user gets updated

Actual output

see the gist of the whole enchilada but the salient error from the end of the apply is:

cloudflare_account_member.policy_members["user1@exampledomain.co.uk"].policies[0].id. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still save the other known object values in the state.

Steps to reproduce

  1. create a cloudflare_account_member resource with a policy not a role
  2. plan/apply creating that member resource
  3. make a change to the user's policy
  4. run a subsequent plan/apply and see the error

Additional factoids

I'm using Terraform Cloud as my execution environment.

FWIW the user does appear to be changed, but this error is extremely annoying and I have a feeling it's also playing merry hell with my attempts to write some slightly more intelligent Terraform where I try and specify permissions and resource groups by their names retrieved in a data block.

References

No response

Labels: kind/bug, version/5
