terraform-provider-oci

oci_objectstorage_preauthrequest incorrectly deletes & replaces the resource every time

Open dch opened this issue 1 year ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

Terraform v1.7.5-dev on freebsd_amd64
+ provider registry.terraform.io/oracle/oci v5.36.0

Affected Resource(s)

  • oci_objectstorage_preauthrequest

Terraform Configuration Files

resource "oci_objectstorage_preauthrequest" "pkg" {
    access_type = "AnyObjectRead"
    bucket_listing_action = "ListObjects"
    bucket = "pkg"
    name = "pkg_repo_readonly"
    namespace = var.tenancy_namespace
    time_expires = "2038-01-01T12:00:00Z"
}

Debug Output

$ terraform apply
...
  # oci_objectstorage_preauthrequest.pkg must be replaced
-/+ resource "oci_objectstorage_preauthrequest" "pkg" {
      ~ access_uri            = "/p/Iny9Mn_WoSmYcZvSMRVhU-ZMljp4TdYkxLHAbcqNSAQZo4YCenX60Cl_orgioox_/n/axvxsnomswgi/b/pkg/o/" -> (known after apply)
      + bucket_listing_action = "ListObjects" # forces replacement
      ~ full_path             = "https://axvxsnomswgi.objectstorage.eu-amsterdam-1.oci.customer-oci.com/p/.../n/axvxsnomswgi/b/pkg/o/" -> (known after apply)
      ~ id                    = "n/axvxsnomswgi/b/pkg/p/..." -> (known after apply)
        name                  = "pkg_repo_readonly"
      + object                = (known after apply)
      + object_name           = (known after apply)
      ~ par_id                = "..." -> (known after apply)
      ~ time_created          = "2024-04-11 21:25:50.045 +0000 UTC" -> (known after apply)
        # (4 unchanged attributes hidden)
    }
  • full TF_LOG available privately

Expected Behavior

A previously created PAR should not be deleted.

Actual Behavior

The PARs are deleted, and we need to re-distribute these on every single terraform run.

Steps to Reproduce

  • Make a bucket
  • Add a PAR with "Object List" capability
  • Run terraform apply and watch it replace every single time

References

This has been the case for a couple of years at least: https://github.com/oracle/terraform-provider-oci/issues/1570

dch, Apr 11 '24 21:04

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.

tf-oci-pub, Apr 12 '24 06:04

To work around this bug we used the ignore_changes lifecycle attribute to instruct terraform to ignore changes to bucket_listing_action. Once added, terraform no longer attempts to recreate the oci_objectstorage_preauthrequest resource.

jacobcsmith, Jun 19 '24 00:06

@jacobcsmith Interesting. Can you give a more complete example of this please? Thanks!

dch, Jun 19 '24 04:06

Using your example, it would be like this:

resource "oci_objectstorage_preauthrequest" "pkg" {
    access_type = "AnyObjectRead"
    bucket_listing_action = "ListObjects"
    bucket = "pkg"
    name = "pkg_repo_readonly"
    namespace = var.tenancy_namespace
    time_expires = "2038-01-01T12:00:00Z"
    
    lifecycle {
      ignore_changes = [bucket_listing_action]
    }
}

jacobcsmith, Jun 19 '24 12:06
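
A CI guard for the behaviour reported in this thread, as an added example that is not part of the issue or the provider's code: it reads the JSON form of a saved plan (the output of `terraform show -json`) and reports every `oci_objectstorage_preauthrequest` the plan would destroy and recreate, together with the attributes forcing the replacement. The sample plan is constructed and the name `replaced_pars` is hypothetical.

```python
import json

PAR_TYPE = "oci_objectstorage_preauthrequest"

# Constructed sample, trimmed to the fields used here, in the shape of
# `terraform show -json <planfile>` output. Addresses are placeholders.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "oci_objectstorage_preauthrequest.pkg",
         "type": PAR_TYPE,
         "change": {"actions": ["delete", "create"],
                    "replace_paths": [["bucket_listing_action"]]}},
        {"address": "oci_objectstorage_preauthrequest.stable",
         "type": PAR_TYPE,
         "change": {"actions": ["no-op"]}},
        {"address": "oci_objectstorage_bucket.pkg",
         "type": "oci_objectstorage_bucket",
         "change": {"actions": ["update"]}},
    ],
})


def replaced_pars(plan_json):
    """Return {address: [attribute paths forcing replacement]} for every
    pre-authenticated request the plan would destroy and recreate."""
    plan = json.loads(plan_json)
    found = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != PAR_TYPE:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A replacement is delete+create, in either order.
        if "delete" in actions and "create" in actions:
            paths = [".".join(str(step) for step in path)
                     for path in change.get("replace_paths") or []]
            found[rc["address"]] = paths
    return found


if __name__ == "__main__":
    import sys
    # With no argument, run against the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = replaced_pars(text)
    for address, paths in hits.items():
        print(f"{address} would be replaced (forced by: {', '.join(paths) or 'unknown'})")
    sys.exit(1 if hits else 0)
```

A non-zero exit lets a pipeline stop before an apply that would invalidate a PAR URL that has already been distributed. With the `ignore_changes` workaround in place, an intentional edit to `bucket_listing_action` in the configuration is ignored as well.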