Importing a cloudflare_zone resource results in account_id missing from config

[koitsu]

Found a bug? Maybe our Slack Community can help.

Describe the Bug

When using terraform import to import a cloudflare_zone (per documentation), there is a configuration mismatch between what the cloudposse module defines dynamically vs. what import actually imported.

Specifically, the configuration the cloudposse module generates lacks account_id (i.e. wants to remove it), and the module offers no way to set this parameter.

Important detail

I am aware that the official cloudflare provider labels the Account ID as optional. I suspect the provider determines the account ID based on the zone ID. Thus, I am not really sure who to report the bug to -- one could argue the cloudflare provider shouldn't need the account_id setting at all, but it's clear that at least as of cloudflare version 3.33.1, they store the data that the API returns.

I'm therefore left feeling that cloudposse/terraform-cloudflare-zone should try to be as compatible as possible with the data that the official provider pulls in.

If you feel differently, then we can close this ticket and I will open up a bug report with the folks who maintain the cloudflare provider, asking that account_id be removed from the data imported (for zones) altogether.

Example demonstration

Terraform configuration:

module "zone" {
  source = "cloudposse/zone/cloudflare"
  version = "0.3.0"
  zone = "domain.com"
}

Import:

$ terraform import module.zone.cloudflare_zone.default[0] ZONEID
module.zone.cloudflare_zone.default[0]: Importing from ID "ZONEID"...
module.zone.cloudflare_zone.default[0]: Import prepared!
  Prepared cloudflare_zone for import
module.zone.cloudflare_zone.default[0]: Refreshing state... [id=ZONEID]

Import successful!

Terraform state entry:

$ terraform state show 'module.zone.cloudflare_zone.default[0]'
# module.zone.cloudflare_zone.default[0]:
resource "cloudflare_zone" "default" {
    account_id          = "ACCOUNTID"
    id                  = "ZONEID"
    meta                = {
        "phishing_detected"  = false
        "wildcard_proxiable" = false
    }
    name_servers        = [
        "cory.ns.cloudflare.com",
        "kim.ns.cloudflare.com",
    ]
    paused              = false
    plan                = "free"
    status              = "active"
    type                = "full"
    vanity_name_servers = []
    zone                = "domain.com"
}

Terraform plan:

Terraform will perform the following actions:

  # module.zone.cloudflare_zone.default[0] will be updated in-place
  ~ resource "cloudflare_zone" "default" {
      - account_id          = "ACCOUNTID" -> null
        id                  = "ZONEID"
      + jump_start          = false
        # (8 unchanged attributes hidden)
    }

Environment

Anything that will help us triage the bug will help. Here are some ideas:

• OS: Linux, Ubuntu 22.04.1 (jammy) amd64
• Terraform version: 1.3.4
• Cloudflare provider version: 3.33.1