Trouble terraforming Cloudflare API Shield

Inheriting a clickops configuration of Cloudflare API Shield, I was trying to create a proper terraform code. Thankfully Cloudflare has a utility called cf-terraforming that allows import of manually create resources into Terraform code.

dude@build:~/cf_shield$ cf-terraforming generate --resource-type cloudflare_api_shield_operation --zone ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ --token XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
resource "cloudflare_api_shield_operation" "terraform_managed_resource_ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" {
    endpoint = "/users"
    host = "apigw-dev.example.com"
    method = "GET"
    zone_id = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
}

resource "cloudflare_api_shield_operation" "terraform_managed_resource_ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" {
    endpoint = "/users"
    host = "apigw-dev.example.com"
    method = "POST"
    zone_id = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
}

That looked OK-ish, but the resource ID’s seem to be identical… Sure enough, terraform was complaining about duplicate resources ID’s when trying to import them. So I figure I would see what kind of information I could pull out using Cloudflare API itself:

dude@build:~/cf_shield$ curl -X GET "https://api.cloudflare.com/client/v4/zones/ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ/api_gateway/operations/" \-H "Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" \-H "Content-Type:application/json"

{
    "result": [
        {
            "operation_id": "0a030d60-d0f8-4e0b-a0e1-1d7c9668fb02",
            "method": "GET",
            "host": "apigw-dev.example.com",
            "endpoint": "/users",
            "last_updated": "2025-04-28T09:50:37.697512Z"
        },
        {
            "operation_id": "28e90beb-d90f-4f1b-b95d-a319e30aeced",
            "method": "POST",
            "host": "apigw-dev.example.com",
            "endpoint": "/users",
            "last_updated": "2025-04-28T09:51:18.100454Z"
        },
        {
            "operation_id": "4e8854f0-3062-445a-8de6-0aa3b48c363a",
            "method": "POST",
            "host": "apigw-dev.example.com",
            "endpoint": "/users-2",
            "last_updated": "2025-04-28T09:53:10.305594Z"
        },
    ]
}

Cool, there is operation_id. So in the end each endpoint had toi be imported using its operation_id like so:

dude@build:~/cf_shield$ terraform import cloudflare_api_shield_operation.example 'ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ/0a030d60d0f84e0ba0e11d7c9668fb02'