Can't add account_id to a cloudflare_byo_ip_prefix

[maleblond]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

1.0.11

Affected resource(s)

cloudflare_byo_ip_prefix

Terraform configuration files

resource "cloudflare_byo_ip_prefix" "some-byoip-name" {
  account_id    = var.cloudflare_account_id
  prefix_id     = "<prefix_id>"
  description   = "<description>"
  advertisement = "on"
}

Debug output

2022-05-09T08:40:30.769-0400 [DEBUG] Adding temp file log sink: /var/folders/ft/c_t2p1k135g25b4k0qsf17g40000gn/T/terraform-log805286404
2022-05-09T08:40:30.769-0400 [INFO]  Terraform version: 1.0.11
2022-05-09T08:40:30.769-0400 [INFO]  Go runtime version: go1.16.4
2022-05-09T08:40:30.769-0400 [INFO]  CLI args: []string{"/opt/homebrew/Cellar/tfenv/2.2.3/versions/1.0.11/terraform", "plan", "-target=cloudflare_byo_ip_prefix.some_byoip_name"}
2022-05-09T08:40:30.769-0400 [DEBUG] Attempting to open CLI config file: /Users/maleblond/.terraformrc
2022-05-09T08:40:30.769-0400 [INFO]  Loading CLI configuration from /Users/maleblond/.terraformrc
2022-05-09T08:40:30.770-0400 [DEBUG] checking for credentials in "/Users/maleblond/.terraform.d/plugins"
2022-05-09T08:40:30.771-0400 [DEBUG] Explicit provider installation configuration is set
2022-05-09T08:40:30.771-0400 [INFO]  CLI command args: []string{"plan", "-target=cloudflare_byo_ip_prefix.some_byoip_name"}
2022-05-09T08:40:30.794-0400 [DEBUG] Provider registry.terraform.io/cloudflare/cloudflare is overridden to load from /Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare
2022-05-09T08:40:30.794-0400 [DEBUG] checking for provisioner in "."
2022-05-09T08:40:30.794-0400 [DEBUG] checking for provisioner in "/opt/homebrew/Cellar/tfenv/2.2.3/versions/1.0.11"
2022-05-09T08:40:30.794-0400 [DEBUG] checking for provisioner in "/Users/maleblond/.terraform.d/plugins"
2022-05-09T08:40:30.795-0400 [INFO]  Failed to read plugin lock file .terraform/plugins/darwin_arm64/lock.json: open .terraform/plugins/darwin_arm64/lock.json: no such file or directory
╷
│ Warning: Provider development overrides are in effect
│ 
│ The following provider development overrides are set in the CLI configuration:
│  - cloudflare/cloudflare in /Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare
│ 
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
╵
2022-05-09T08:40:30.796-0400 [INFO]  backend/local: starting Plan operation
2022-05-09T08:40:32.830-0400 [DEBUG] backend/local: will prompt for input of unset required variables [cloudflare_api_token cloudflare_account_id]
var.cloudflare_account_id
  The cloudflare account ID


  Enter a value: 2022-05-09T08:40:32.830-0400 [DEBUG] command: asking for input: "var.cloudflare_account_id"
fake-account-id


2022-05-09T08:40:40.608-0400 [DEBUG] command: asking for input: "var.cloudflare_api_token"
var.cloudflare_api_token
  The cloudflare api token


  Enter a value: fake-api-token


2022-05-09T08:40:42.771-0400 [DEBUG] created provider logger: level=debug
2022-05-09T08:40:42.771-0400 [INFO]  provider: configuring client automatic mTLS
2022-05-09T08:40:42.795-0400 [DEBUG] provider: starting plugin: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare args=[/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare]
2022-05-09T08:40:42.798-0400 [DEBUG] provider: plugin started: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare pid=86600
2022-05-09T08:40:42.798-0400 [DEBUG] provider: waiting for RPC address: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare
2022-05-09T08:40:42.847-0400 [INFO]  provider.terraform-provider-cloudflare: configuring server automatic mTLS: timestamp=2022-05-09T08:40:42.847-0400
2022-05-09T08:40:42.928-0400 [DEBUG] provider.terraform-provider-cloudflare: plugin address: network=unix address=/var/folders/ft/c_t2p1k135g25b4k0qsf17g40000gn/T/plugin2901817998 timestamp=2022-05-09T08:40:42.928-0400
2022-05-09T08:40:42.928-0400 [DEBUG] provider: using plugin: version=5
2022-05-09T08:40:43.011-0400 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-05-09T08:40:43.013-0400 [DEBUG] provider: plugin process exited: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare pid=86600
2022-05-09T08:40:43.013-0400 [DEBUG] provider: plugin exited
2022-05-09T08:40:43.013-0400 [INFO]  terraform: building graph: GraphTypeValidate
2022-05-09T08:40:43.014-0400 [DEBUG] ProviderTransformer: "cloudflare_byo_ip_prefix.some_byoip_name" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022-05-09T08:40:43.014-0400 [DEBUG] ReferenceTransformer: "var.cloudflare_account_id" references: []
2022-05-09T08:40:43.014-0400 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: []
2022-05-09T08:40:43.014-0400 [DEBUG] ReferenceTransformer: "cloudflare_byo_ip_prefix.some_byoip_name" references: [var.cloudflare_account_id]
2022-05-09T08:40:43.014-0400 [DEBUG] ReferenceTransformer: "var.cloudflare_api_token" references: []
2022-05-09T08:40:43.014-0400 [DEBUG] Removing "var.cloudflare_api_token", filtered by targeting.
2022-05-09T08:40:43.015-0400 [DEBUG] Starting graph walk: walkValidate
2022-05-09T08:40:43.015-0400 [DEBUG] created provider logger: level=debug
2022-05-09T08:40:43.015-0400 [INFO]  provider: configuring client automatic mTLS
2022-05-09T08:40:43.038-0400 [DEBUG] provider: starting plugin: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare args=[/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare]
2022-05-09T08:40:43.041-0400 [DEBUG] provider: plugin started: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare pid=86601
2022-05-09T08:40:43.041-0400 [DEBUG] provider: waiting for RPC address: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare
2022-05-09T08:40:43.052-0400 [INFO]  provider.terraform-provider-cloudflare: configuring server automatic mTLS: timestamp=2022-05-09T08:40:43.052-0400
2022-05-09T08:40:43.128-0400 [DEBUG] provider.terraform-provider-cloudflare: plugin address: address=/var/folders/ft/c_t2p1k135g25b4k0qsf17g40000gn/T/plugin3220953085 network=unix timestamp=2022-05-09T08:40:43.128-0400
2022-05-09T08:40:43.128-0400 [DEBUG] provider: using plugin: version=5
2022-05-09T08:40:43.210-0400 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-05-09T08:40:43.211-0400 [DEBUG] provider: plugin process exited: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare pid=86601
2022-05-09T08:40:43.211-0400 [DEBUG] provider: plugin exited
2022-05-09T08:40:43.211-0400 [INFO]  backend/local: plan calling Plan
2022-05-09T08:40:43.211-0400 [INFO]  terraform: building graph: GraphTypePlan
2022-05-09T08:40:43.211-0400 [DEBUG] ProviderTransformer: "cloudflare_byo_ip_prefix.some_byoip_name (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/cloudflare/cloudflare"]
2022-05-09T08:40:43.212-0400 [DEBUG] ReferenceTransformer: "cloudflare_byo_ip_prefix.some_byoip_name (expand)" references: [var.cloudflare_account_id]
2022-05-09T08:40:43.212-0400 [DEBUG] ReferenceTransformer: "var.cloudflare_api_token" references: []
2022-05-09T08:40:43.212-0400 [DEBUG] ReferenceTransformer: "var.cloudflare_account_id" references: []
2022-05-09T08:40:43.212-0400 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" references: []
2022-05-09T08:40:43.212-0400 [DEBUG] Removing "cloudflare_byo_ip_prefix.ripe_185_146_172_0_24 (expand)", filtered by targeting.
2022-05-09T08:40:43.212-0400 [DEBUG] Removing "var.cloudflare_api_token", filtered by targeting.
2022-05-09T08:40:43.212-0400 [DEBUG] Starting graph walk: walkPlan
2022-05-09T08:40:43.212-0400 [DEBUG] created provider logger: level=debug
2022-05-09T08:40:43.212-0400 [INFO]  provider: configuring client automatic mTLS
2022-05-09T08:40:43.234-0400 [DEBUG] provider: starting plugin: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare args=[/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare]
2022-05-09T08:40:43.237-0400 [DEBUG] provider: plugin started: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare pid=86602
2022-05-09T08:40:43.237-0400 [DEBUG] provider: waiting for RPC address: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare
2022-05-09T08:40:43.246-0400 [INFO]  provider.terraform-provider-cloudflare: configuring server automatic mTLS: timestamp=2022-05-09T08:40:43.246-0400
2022-05-09T08:40:43.321-0400 [DEBUG] provider.terraform-provider-cloudflare: plugin address: network=unix address=/var/folders/ft/c_t2p1k135g25b4k0qsf17g40000gn/T/plugin2814382180 timestamp=2022-05-09T08:40:43.321-0400
2022-05-09T08:40:43.321-0400 [DEBUG] provider: using plugin: version=5
2022-05-09T08:40:43.398-0400 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/cloudflare/cloudflare\"]" changed the config value, but that value is unused
2022-05-09T08:40:43.398-0400 [INFO]  provider.terraform-provider-cloudflare: 2022/05/09 08:40:43 [INFO] Cloudflare Client configured for user:: timestamp=2022-05-09T08:40:43.398-0400
2022-05-09T08:40:43.399-0400 [INFO]  provider.terraform-provider-cloudflare: 2022/05/09 08:40:43 [INFO] Using specified account id fake_account_id in Cloudflare provider: timestamp=2022-05-09T08:40:43.398-0400
2022-05-09T08:40:43.399-0400 [INFO]  provider.terraform-provider-cloudflare: 2022/05/09 08:40:43 [INFO] Cloudflare Client configured for user:: timestamp=2022-05-09T08:40:43.399-0400
2022-05-09T08:40:43.399-0400 [INFO]  ReferenceTransformer: reference not found: "var.cloudflare_account_id"
2022-05-09T08:40:43.399-0400 [DEBUG] ReferenceTransformer: "cloudflare_byo_ip_prefix.some_byoip_name" references: []
cloudflare_byo_ip_prefix.some_byoip_name: Refreshing state... [id=fake-prefix]
2022-05-09T08:40:43.403-0400 [INFO]  provider.terraform-provider-cloudflare: 2022/05/09 08:40:43 [DEBUG] Cloudflare API Request Details:
---[ REQUEST ]---------------------------------------
GET /client/v4/accounts//addressing/prefixes/fake-prefix HTTP/1.1
Host: api.cloudflare.com
User-Agent: terraform/1.0.11 terraform-plugin-sdk/2.10.1 terraform-provider-cloudflare/dev
Authorization: [redacted]
Content-Type: application/json
Accept-Encoding: gzip




-----------------------------------------------------: timestamp=2022-05-09T08:40:43.403-0400
2022-05-09T08:40:43.711-0400 [INFO]  provider.terraform-provider-cloudflare: 2022/05/09 08:40:43 [DEBUG] Cloudflare API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cf-Cache-Status: DYNAMIC
Cf-Ray: 708a81595cfe4bd1-YUL
Content-Type: application/json
Date: Mon, 09 May 2022 12:40:43 GMT
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Sun, 25 Jan 1981 05:00:00 GMT
Pragma: no-cache
Server: cloudflare
Set-Cookie: [redacted]
Set-Cookie: [redacted]
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN


{
 "success": false,
 "errors": [
  {
   "code": 7003,
   "message": "Could not route to \/accounts\/addressing\/prefixes\/fake-prefix, perhaps your object identifier is invalid?"
  },
  {
   "code": 7000,
   "message": "No route for that URI"
  }
 ],
 "messages": [],
 "result": null
}
-----------------------------------------------------: timestamp=2022-05-09T08:40:43.711-0400
2022-05-09T08:40:43.712-0400 [INFO]  backend/local: plan operation completed
╷
│ Warning: Resource targeting is in effect
│ 
│ You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the current configuration.
│ 
│ The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error message.
╵
╷
│ Error: error reading IP prefix information for "fake-prefix": Could not route to /accounts/addressing/prefixes/fake-prefix, perhaps your object identifier is invalid? (7003), No route for that URI (7000)
│ 
│   with cloudflare_byo_ip_prefix.some_byoip_name,
│   on 23_227_37_0_24.tf line 1, in resource "cloudflare_byo_ip_prefix" "some_byoip_name":
│    1: resource "cloudflare_byo_ip_prefix" "some_byoip_name" {
│ 
╵
2022-05-09T08:40:44.007-0400 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-05-09T08:40:44.008-0400 [DEBUG] provider: plugin process exited: path=/Users/maleblond/src/github.com/cloudflare/terraform-provider-cloudflare/terraform-provider-cloudflare pid=86602
2022-05-09T08:40:44.008-0400 [DEBUG] provider: plugin exited

Panic output

No response

Expected output

The terraform plan detects no change, because we simply configured an explicit account_id (same as the previous implicit one).

Actual output

│ Error: error reading IP prefix information for "<prefix-id>": Could not route to /accounts/addressing/prefixes/<prefix-id>, perhaps your object identifier is invalid? (7003), No route for that URI (7000)

Steps to reproduce

1. Create a cloudflare_byo_ip_prefix with a version of cloudflare provider that doesn't include this change: build(deps): bump github.com/cloudflare/cloudflare-go from 0.36.0 to 0.37.0 #1563
   2- Update the cloudflare provider version to the current latest one (3.14)
   3- Add an account_id field to cloudflare_byo_ip_prefix and set it to the correct value. terraform plan will fail

Additional factoids

Not super familiar with terraform so I don't know what the proper fix should be here. By debugging locally, I noticed that the ReadContext function of the resource doesn't receive the "desired state" as the second argument, but rather the current stored state (which doesn't include an account_id, causing the API path to be incomplete, /accounts/addressing/prefixes/<prefix-id> instead of /accounts/<account_id>/addressing/prefixes/<prefix-id>):

terraform-provider-cloudflare/cloudflare/resource_cloudflare_byo_ip_prefix.go

Line 46 in 285233c

func resourceCloudflareBYOIPPrefixRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {

Is that expected? A workaround I thought of but haven't tested would be to use terraform state pull to pull the current resource state, update the state file to add the account_id property on our cloudflare_byo_ip_prefix resource, and then use terraform state push, but that doesn't seem ideal.

Also, I noticed that the account_id field wasn't documented publicly: https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/byo_ip_prefix

References

I think this is happening because of #1563

[github-actions]

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

[maleblond]

Added debug logs

[jacobbednarz]

I think this is happening because of #1563

yep, this will be because of that and the schema missing. you can fix this manually by either recreating the resource or adding "account_id":"..." to your state file with the other attributes. there wasn't really a great (automated) path for this as cloudflare.UsingAccount required configuration from the user to operate and we couldn't automatically determine that.