Skip to content

Getting “Resource instance managed by newer provider version” while using latest provider version #6454

New issue
New issue
Open
Open
Getting “Resource instance managed by newer provider version” while using latest provider version#6454
Labels
kind/bugCategorizes issue or PR as related to a bug.version/5Categorizes issue or PR as related to version 5 of the provider.
@wollo77

Description

@wollo77
wollo77
opened on Nov 12, 2025

Confirmation

  • This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
  • I have searched the issue tracker and my issue isn't already found.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.13.5
provider registry.terraform.io/cloudflare/cloudflare v5.12.0

Affected resource(s)

cloudflare_ruleset

Terraform configuration files

resource "cloudflare_ruleset" "zone_level_waf_custom_ruleset" {
    kind    = "zone"
    name    = "default"
    phase   = "http_request_firewall_custom"
    zone_id = var.zone_id

    rules = [
      {
        ref         = "block_crimea"
        action      = "block"
        description = "Block Crimea"
        enabled     = true
        expression  = "ip.geoip.subdivision_1_iso_code eq \"UA-43\""
      },
...

Link to debug output

https://gist.github.com/wollo77/992dd6a4a5480f6172aef31822397655

Panic output

No response

Expected output

I want to upgrade a TF state for cloudflare from provider version ~4 to version ~5 and from TF 1.8.5 to 1.13.5.
The provider should be able to execute terraform plan after upgrading to the v5 provider from v4.

Actual output

The upgrade command executes without issue to be successful, but now, when I execute terraform plan, I am getting the message:

│ Error: Resource instance managed by newer provider version
│
│ The current state of module.cloudflare_ipa_waf_rules["development-001"].cloudflare_ruleset.zone_level_waf_custom_ruleset was created by a newer provider version than is currently selected. Upgrade the cloudflare provider to work with this state.

The objects causing issues are of the type cloudflare_ruleset. In the verbose log, I am seeing:

2025-11-11T14:11:51.175+0100 [TRACE] upgradeResourceState: can't downgrade state for module.cloudflare_ipa_waf_rules["development-001"].cloudflare_ruleset.zone_level_waf_custom_ruleset from version 1 to 0

Steps to reproduce

Update existing v4 ruleset configuration with necessary changes according to documentation to move to v5.
Execute terraform init -upgrade, followed by terraform plan

Additional factoids

According to the log, the version of cloudflare_rules went from 1 to 0, but it should only increase with an upgrade to a newer version.

Also discussed here on terraform forums: https://discuss.hashicorp.com/t/getting-resource-instance-managed-by-newer-provider-version-while-using-latest-provider-version/76765/4

References

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.version/5Categorizes issue or PR as related to version 5 of the provider.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions