Can't import cloudflare_split_tunnel - part 2

[oyoyo14]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

$ terraform -v
Terraform v1.0.3
on linux_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.5.0

Your version of Terraform is out of date! The latest version
is 1.1.1. You can update by downloading from https://www.terraform.io/downloads.html

Affected resource(s)

• cloudflare_split_tunnel

Terraform configuration files

terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
    }
  }
}

provider "cloudflare" {
}

resource "cloudflare_split_tunnel" "include" {
  account_id = "<ACCOUNT_ID>"
  mode       = "include"
   tunnels {
    host        = "*.example.com"
    description = "example domain"
  }
}

Debug output

# TF_LOG=DEBUG terraform import cloudflare_split_tunnel.include <ACCOUNT_ID>/include
2021-12-16T20:32:58.156Z [DEBUG] Adding temp file log sink: /tmp/terraform-log225542421
2021-12-16T20:32:58.156Z [INFO]  Terraform version: 1.0.3
2021-12-16T20:32:58.156Z [INFO]  Go runtime version: go1.16.4
2021-12-16T20:32:58.156Z [INFO]  CLI args: []string{"/usr/local/bin/terraform", "import", "cloudflare_split_tunnel.include", "<ACCOUNT_ID>/include"}
2021-12-16T20:32:58.156Z [DEBUG] Attempting to open CLI config file: /root/.terraformrc
2021-12-16T20:32:58.156Z [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021-12-16T20:32:58.157Z [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021-12-16T20:32:58.157Z [DEBUG] ignoring non-existing provider search directory /root/.terraform.d/plugins
2021-12-16T20:32:58.157Z [DEBUG] ignoring non-existing provider search directory /root/.local/share/terraform/plugins
2021-12-16T20:32:58.157Z [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2021-12-16T20:32:58.157Z [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2021-12-16T20:32:58.157Z [INFO]  CLI command args: []string{"import", "cloudflare_split_tunnel.include", "<ACCOUNT_ID>/include"}
2021-12-16T20:32:58.157Z [DEBUG] New state was assigned lineage "b06002f1-8755-4be8-cdae-f098a66a0f44"
2021-12-16T20:32:58.195Z [DEBUG] checking for provisioner in "."
2021-12-16T20:32:58.195Z [DEBUG] checking for provisioner in "/usr/local/bin"
2021-12-16T20:32:58.195Z [INFO]  Failed to read plugin lock file .terraform/plugins/linux_amd64/lock.json: open .terraform/plugins/linux_amd64/lock.json: no such file or directory
2021-12-16T20:32:58.196Z [DEBUG] backend/local: skipping refresh of managed resources
2021-12-16T20:32:58.197Z [DEBUG] created provider logger: level=debug
2021-12-16T20:32:58.197Z [INFO]  provider: configuring client automatic mTLS
2021-12-16T20:32:58.226Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0]
2021-12-16T20:32:58.226Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0 pid=5127
2021-12-16T20:32:58.226Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0
2021-12-16T20:32:58.230Z [INFO]  provider.terraform-provider-cloudflare_v3.5.0: configuring server automatic mTLS: timestamp=2021-12-16T20:32:58.230Z
2021-12-16T20:32:58.238Z [DEBUG] provider: using plugin: version=5
2021-12-16T20:32:58.238Z [DEBUG] provider.terraform-provider-cloudflare_v3.5.0: plugin address: address=/tmp/plugin3597148409 network=unix timestamp=2021-12-16T20:32:58.238Z
2021-12-16T20:32:58.271Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-12-16T20:32:58.271Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0 pid=5127
2021-12-16T20:32:58.271Z [DEBUG] provider: plugin exited
2021-12-16T20:32:58.272Z [DEBUG] ProviderTransformer: "cloudflare_split_tunnel.include" (*terraform.NodeAbstractResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-12-16T20:32:58.272Z [DEBUG] ProviderTransformer: "cloudflare_split_tunnel.include (import id \"<ACCOUNT_ID>/include\")" (*terraform.graphNodeImportState) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2021-12-16T20:32:58.272Z [DEBUG] ReferenceTransformer: "cloudflare_split_tunnel.include" references: []
2021-12-16T20:32:58.272Z [DEBUG] ReferenceTransformer: "cloudflare_split_tunnel.include (import id \"<ACCOUNT_ID>/include\")" references: []
2021-12-16T20:32:58.272Z [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: []
2021-12-16T20:32:58.272Z [DEBUG] Starting graph walk: walkImport
2021-12-16T20:32:58.272Z [DEBUG] created provider logger: level=debug
2021-12-16T20:32:58.272Z [INFO]  provider: configuring client automatic mTLS
2021-12-16T20:32:58.304Z [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0 args=[.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0]
2021-12-16T20:32:58.305Z [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0 pid=5141
2021-12-16T20:32:58.305Z [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0
2021-12-16T20:32:58.308Z [INFO]  provider.terraform-provider-cloudflare_v3.5.0: configuring server automatic mTLS: timestamp=2021-12-16T20:32:58.308Z
2021-12-16T20:32:58.317Z [DEBUG] provider: using plugin: version=5
2021-12-16T20:32:58.317Z [DEBUG] provider.terraform-provider-cloudflare_v3.5.0: plugin address: address=/tmp/plugin908995590 network=unix timestamp=2021-12-16T20:32:58.317Z
2021-12-16T20:32:58.352Z [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" changed the config value, but that value is unused
2021-12-16T20:32:58.353Z [INFO]  provider.terraform-provider-cloudflare_v3.5.0: 2021/12/16 20:32:58 [INFO] Cloudflare Client configured for user:: timestamp=2021-12-16T20:32:58.353Z
2021-12-16T20:32:58.353Z [INFO]  provider.terraform-provider-cloudflare_v3.5.0: 2021/12/16 20:32:58 [INFO] Using specified account id <ACCOUNT_ID> in Cloudflare provider: timestamp=2021-12-16T20:32:58.353Z
2021-12-16T20:32:58.353Z [INFO]  provider.terraform-provider-cloudflare_v3.5.0: 2021/12/16 20:32:58 [INFO] Cloudflare Client configured for user:: timestamp=2021-12-16T20:32:58.353Z
cloudflare_split_tunnel.include: Importing from ID "<ACCOUNT_ID>/include"...
cloudflare_split_tunnel.include: Import prepared!
  Prepared cloudflare_split_tunnel for import
cloudflare_split_tunnel.include: Refreshing state... [id=<ACCOUNT_ID>/include]
2021-12-16T20:32:58.355Z [INFO]  provider.terraform-provider-cloudflare_v3.5.0: 2021/12/16 20:32:58 [DEBUG] Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
GET /client/v4/accounts//devices/policy/ HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.0.3 terraform-plugin-sdk/2.10.0 terraform-provider-cloudflare/3.5.0
Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-12-16T20:32:58.355Z
2021-12-16T20:33:09.157Z [INFO]  provider.terraform-provider-cloudflare_v3.5.0: 2021/12/16 20:33:09 [DEBUG] Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cf-Cache-Status: DYNAMIC
Cf-Ray: xxxxxxxxxxxxxxxxxxxx
Content-Type: application/json
Date: Thu, 16 Dec 2021 20:33:09 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Sun, 25 Jan 1981 05:00:00 GMT
Pragma: no-cache
Server: cloudflare
Set-Cookie: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; SameSite=Lax; path=/; expires=Thu, 16-Dec-21 23:03:10 GMT; HttpOnly
Set-Cookie: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

{
 "success": false,
 "errors": [
  {
   "code": 7003,
   "message": "Could not route to \/accounts\/devices\/policy, perhaps your object identifier is invalid?"
  },
  {
   "code": 7000,
   "message": "No route for that URI"
  }
 ],
 "messages": [],
 "result": null
}
-----------------------------------------------------: timestamp=2021-12-16T20:33:09.157Z
╷
│ Error: error finding "" Split Tunnels: HTTP status 400: Could not route to /accounts/devices/policy, perhaps your object identifier is invalid? (7003), No route for that URI (7000)
│
│
╵

2021-12-16T20:33:09.161Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-12-16T20:33:09.163Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/cloudflare/cloudflare/3.5.0/linux_amd64/terraform-provider-cloudflare_v3.5.0 pid=5141
2021-12-16T20:33:09.164Z [DEBUG] provider: plugin exited

Panic output

N/A

Expected output

Resource correctly imported

Actual output

$ terraform import cloudflare_split_tunnel.include <ACCOUNT_ID>/include
cloudflare_split_tunnel.include: Importing from ID "<ACCOUNT_ID>/include"...
cloudflare_split_tunnel.include: Import prepared!
  Prepared cloudflare_split_tunnel for import
cloudflare_split_tunnel.include: Refreshing state... [id=<ACCOUNT_ID>/include]
╷
│ Error: error finding "" Split Tunnels: HTTP status 400: Could not route to /accounts/devices/policy, perhaps your object identifier is invalid? (7003), No route for that URI (7000)
│
│
╵

Steps to reproduce

1. Copy previous conf file
2. $ terraform import cloudflare_split_tunnel.include <ACCOUNT_ID>/include

Additional factoids

1. Missing the account id in the path of the request

---[ REQUEST ]---------------------------------------
GET /client/v4/accounts//devices/policy/ HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.0.3 terraform-plugin-sdk/2.10.0 terraform-provider-cloudflare/3.5.0
Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Content-Type: application/json
Accept-Encoding: gzip

2. Even with curl on a path with an account id, we get an error:

$  curl -X GET "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/devices/policy/"      -H "Content-Type:application/json"      -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
{"success":false,"errors":[{"message":"unsupported path","code":6034}]

The slash at the end of the path need to be removed.

# curl -X GET "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/devices/policy"      -H "Content-Type:application/json"      -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
{REDACTED, "success":true,"errors":[],"messages":[]}

References

• Can't import cloudflare_split_tunnel #1313

[tjstansell]

I tried the same with v3.5.0 and get the same error. Not sure why the parameters aren't being passed to the read call ... but it should be hitting the api endpoint of

https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/devices/policy/$MODE