Can't import cloudflare_split_tunnel

[fwieffering-blockfi]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

$ terraform -v
Terraform v1.0.7
on darwin_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.4.0

Affected resource(s)

cloudflare_split_tunnel

Terraform configuration files

provider "cloudflare" {}

variable "account_id" {
  type = string
}

resource "cloudflare_split_tunnel" "exclude_tunnel" {
  account_id = var.account_id
  mode       = "exclude"

  tunnels {
    address = "172.16.0.0/16"
  }
}

Debug output

$ TF_LOG=debug terraform import 'cloudflare_split_tunnel.exclude_tunnel' '<account_id>'

2021-11-17T14:49:59.480-0600 [DEBUG] Starting graph walk: walkImport
2021-11-17T14:49:59.483-0600 [DEBUG] created provider logger: level=debug
2021-11-17T14:49:59.483-0600 [INFO]  provider: configuring client automatic mTLS
2021-11-17T14:49:59.492-0600 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.4.0/darwin_amd64/terraform-provider-cloudflare_v3.4.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.4.0/darwin_amd64/terraform-provider-cloudflare_v3.4.0]
2021-11-17T14:49:59.496-0600 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.4.0/darwin_amd64/terraform-provider-cloudflare_v3.4.0 pid=40097
2021-11-17T14:49:59.496-0600 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.4.0/darwin_amd64/terraform-provider-cloudflare_v3.4.0
2021-11-17T14:49:59.513-0600 [INFO]  provider.terraform-provider-cloudflare_v3.4.0: configuring server automatic mTLS: timestamp=2021-11-17T14:49:59.512-0600
2021-11-17T14:49:59.523-0600 [DEBUG] provider.terraform-provider-cloudflare_v3.4.0: plugin address: address=/var/folders/3b/p145b2yn20zcbshc1qwr4rh00000gq/T/plugin1850053234 network=unix timestamp=2021-11-17T14:49:59.523-0600
2021-11-17T14:49:59.524-0600 [DEBUG] provider: using plugin: version=5
2021-11-17T14:49:59.550-0600 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" changed the config value, but that value is unused
2021-11-17T14:49:59.550-0600 [INFO]  provider.terraform-provider-cloudflare_v3.4.0: 2021/11/17 14:49:59 [INFO] Cloudflare Client configured for user:: timestamp=2021-11-17T14:49:59.550-0600
2021-11-17T14:49:59.550-0600 [INFO]  provider.terraform-provider-cloudflare_v3.4.0: 2021/11/17 14:49:59 [INFO] Using specified account id <account_id> in Cloudflare provider: timestamp=2021-11-17T14:49:59.550-0600
2021-11-17T14:49:59.550-0600 [INFO]  provider.terraform-provider-cloudflare_v3.4.0: 2021/11/17 14:49:59 [INFO] Cloudflare Client configured for user:: timestamp=2021-11-17T14:49:59.550-0600
�[0m�[1mcloudflare_split_tunnel.exclude_tunnel: Importing from ID "<account_id>"...�[0m
�[0m�[1m�[32mcloudflare_split_tunnel.exclude_tunnel: Import prepared!�[0m
�[0m�[32m  Prepared cloudflare_split_tunnel for import�[0m
�[0m�[1mcloudflare_split_tunnel.exclude_tunnel: Refreshing state... [id=<account_id>]�[0m
2021-11-17T14:49:59.560-0600 [INFO]  provider.terraform-provider-cloudflare_v3.4.0: 2021/11/17 14:49:59 [DEBUG] Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
GET /client/v4/accounts//devices/policy/ HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.0.7 terraform-plugin-sdk/2.8.0 terraform-provider-cloudflare/3.4.0
Authorization: Bearer REDACTED
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-11-17T14:49:59.560-0600
�[31m�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1merror finding "" Split Tunnels: HTTP status 400: Could not route to /accounts/devices/policy, perhaps your object identifier is invalid? (7003), No route for that URI (7000)�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m
�[31m╵�[0m�[0m
�[0m�[0m
2021-11-17T14:49:59.954-0600 [INFO]  provider.terraform-provider-cloudflare_v3.4.0: 2021/11/17 14:49:59 [DEBUG] Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cf-Cache-Status: DYNAMIC
Cf-Ray: 6afbd42d7bd67fa4-ORD
Content-Type: application/json
Date: Wed, 17 Nov 2021 20:50:00 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Sun, 25 Jan 1981 05:00:00 GMT
Pragma: no-cache
Server: cloudflare
Set-Cookie: __cflb=REDACTED; SameSite=Lax; path=/; expires=Wed, 17-Nov-21 23:20:01 GMT; HttpOnly
Set-Cookie: __cfruid=REDACTED; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

{
 "success": false,
 "errors": [
  {
   "code": 7003,
   "message": "Could not route to \/accounts\/devices\/policy, perhaps your object identifier is invalid?"
  },
  {
   "code": 7000,
   "message": "No route for that URI"
  }
 ],
 "messages": [],
 "result": null
}
-----------------------------------------------------: timestamp=2021-11-17T14:49:59.951-0600
2021-11-17T14:49:59.955-0600 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-11-17T14:49:59.958-0600 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.4.0/darwin_amd64/terraform-provider-cloudflare_v3.4.0 pid=40097
2021-11-17T14:49:59.958-0600 [DEBUG] provider: plugin exited

Panic output

No response

Expected output

I expected the split tunnels to be imported into the terraform state. The documentation https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/split_tunnel#import indicates that I have executed the import command correctly

Actual output

❯ terraform import 'module.split_tunnels.cloudflare_split_tunnel.exclude_tunnel' 'dfc1eccee639e36769fdb492761699fb'
module.split_tunnels.cloudflare_split_tunnel.exclude_tunnel: Importing from ID "dfc1eccee639e36769fdb492761699fb"...
module.split_tunnels.cloudflare_split_tunnel.exclude_tunnel: Import prepared!
  Prepared cloudflare_split_tunnel for import
module.split_tunnels.cloudflare_split_tunnel.exclude_tunnel: Refreshing state... [id=dfc1eccee639e36769fdb492761699fb]
╷
│ Error: error finding "" Split Tunnels: HTTP status 400: Could not route to /accounts/devices/policy, perhaps your object identifier is invalid? (7003), No route for that URI (7000)
│ 
│ 

Steps to reproduce

Attempt to import a cloudflare_split_tunnel resource into your project by running a terraform import command:

terraform import cloudflare_split_tunnel.example <account_id>

Additional factoids

No response

References

No response

[jacobbednarz]

it looks like there could be two issues here. the first is that the account ID isn’t being populated in the API call which is a configuration issue on your side where account_id is an empty string.

the second, is that the custom Read method isn’t being called which means after your config issue is addressed, it wouldn’t be fully syncing the state.

I can address the latter with a PR but you will need to also debug why the account ID is empty otherwise it won’t work.

[fwieffering-blockfi]

@jacobbednarz

it looks like there could be two issues here. the first is that the account ID isn’t being populated in the API call which is a configuration issue on your side where account_id is an empty string.

The account ID is sourced correctly in other parts of the log. Additionally, it's provided on the command line as the id to import terraform import 'cloudflare_split_tunnel.exclude_tunnel' '<account_id>'. I think there may be an issue with the account ID being populated into the API call, not an issue with configuration. you can see in the logs in the original post that terraform successfully finds the account id that I pass

❯ terraform import 'module.split_tunnels.cloudflare_split_tunnel.exclude_tunnel' '<account ID>'
module.split_tunnels.cloudflare_split_tunnel.exclude_tunnel: Importing from ID "<account ID>"...