DXE-3681 SECKSD-25367 Terraform import match_target - Error : Value not found: match_target

[benbrd]

terraform import match_target issue causing duplicate match_target resources created in security configuration as the previous one is not sync with the tfstate file. This is a blocker for our customers trying to manage their security configuration as code.

Terraform Version

$ terraform -v Terraform v1.8.1 on linux_amd64

Affected Resource(s)

terraform import akamai_appsec_match_target

Debug Output

module.security.akamai_appsec_match_target.website_7863884: Importing from ID "101079:7863884"...
module.security.akamai_appsec_match_target.website_7863884: Import prepared!
  Prepared akamai_appsec_match_target for import
module.security.akamai_appsec_match_target.website_7863884: Refreshing state... [id=101079:7863884]
╷
│ Error: value not found: match_target
│
│
╵

Expected Behavior

Import successful!

Actual Behavior

Error: value not found: match_target

Steps to Reproduce

1. Use Akamai CLI to export an existing security configuration with command akamai terraform export-appsec <config_name>
2. Run sh ./appsec-import.sh to start importing the configuration into the local Terraform state.

[benbrd]

After some testing on my side it appears that when forcing with v5.5.0 of the provider, the import is successful :

$ terraform import module.security.akamai_appsec_match_target.website_7863884 101079:7863884
module.security.data.akamai_group.group: Reading...
module.security.data.akamai_group.group: Read complete after 1s [id=grp_215942]
module.security.akamai_appsec_match_target.website_7863884: Importing from ID "101079:7863884"...
module.security.akamai_appsec_match_target.website_7863884: Import prepared!
  Prepared akamai_appsec_match_target for import
module.security.akamai_appsec_match_target.website_7863884: Refreshing state... [id=101079:7863884]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

[lsadlon]

Hi @benbrd

So it works for you with v5.5.0 version of provider, but is still failing with newer ones?

BR, Lukasz

[DhroovP]

Hi, we are also having the same issue using akamai/akamai 6.2.0 and Terraform 1.8.5. None of the match_target imports are working, we are also trying to run the sh file from the akamai terraform export command.

Forcing 5.5.0 worked for us as a temporary solution as well. Let me know if I can help by providing any more information.

Edit: Forcing 5.5.0 allows the import to work, but running terraform plan no longer works. I'm assuming that's because the Terraform files created by the export command are not compatible with 5.5.0 since they'd most likely be generated from a newer version.

[jaescalo]

As a temporary work-around you can still use the latest "akamai terraform" CLI version 1.15.0 and do the following:

1. Perform the "appsec-export" as usual using the "akamai terraform" CLI
2. Modify all the versions files to fix the provider version to 5.5.0. That is in the appsec-versions.tf, ./modules/activate-security/versions.tf and ./modules/security/versions.tf set version = "= 5.5.0"
3. In the appsec-import.sh comment out all the lines that are NOT imports for the akamai_appsec_match_target
4. Execute the appsec-import.sh which at this point should initialize the provider 5.5.0 and import only the match targets.
5. Modify again all the versions files and fix the version argument version = "= 6.2.0".
6. Because of the provider version change, you need to re-initialize TF with the upgrade option: terraform init -upgrade
7. Now comment out ONLY the akamai_appsec_match_target lines from the appsec-import.sh file and save it.
8. Run the appsec-import.sh again. It should import all of the remaining resources.

I tested this with Terraform version 1.7.5, but I don't believe it makes a difference if you use 1.8.5.

[lkowalsk-akamai-com]

Hi @benbrd, this should be fixed in the recent 6.4.0 release.