Open ocofaigh opened 7 months ago
@tyao117 FYI I reproduced this again in our weekly tests:
│ Error: UpdateSettingsWithContext failed A service-to-service authorization policy is missing between Cloud Object Storage and Security and Compliance Center.
│ {
│ "StatusCode": 401,
│ "Headers": {
│ "Cache-Control": [
│ "no-store"
│ ],
│ "Cf-Cache-Status": [
│ "DYNAMIC"
│ ],
│ "Cf-Ray": [
│ "85c0a0c7ea1e346d-DFW"
│ ],
│ "Content-Length": [
│ "318"
│ ],
│ "Content-Type": [
│ "application/json; charset=utf-8"
│ ],
│ "Date": [
│ "Tue, 27 Feb 2024 13:03:28 GMT"
│ ],
│ "Server": [
│ "cloudflare"
│ ],
│ "Strict-Transport-Security": [
│ "max-age=31536000; includeSubDomains"
│ ],
│ "Transaction-Id": [
│ "ed483ca4-9dea-4dc4-9f24-736fd1b90605"
│ ],
│ "X-Content-Type-Options": [
│ "nosniff"
│ ],
│ "X-Correlation-Id": [
│ "ed483ca4-9dea-4dc4-9f24-736fd1b90605"
│ ],
│ "X-Envoy-Upstream-Service-Time": [
│ "882"
│ ],
│ "X-Ratelimit-Limit": [
│ "10"
│ ],
│ "X-Ratelimit-Remaining": [
│ "9"
│ ],
│ "X-Ratelimit-Reset": [
│ "1709039068"
│ ],
│ "X-Request-Id": [
│ "7629033a-3c03-48dc-88a0-7f64e65d44a1"
│ ]
│ },
│ "Result": {
│ "errors": [
│ {
│ "code": "Unauthorized",
│ "message": "A service-to-service authorization policy is missing between Cloud Object Storage and Security and Compliance Center.",
│ "more_info": "https://cloud.ibm.com/apidocs/security-compliance-admin",
│ "ref": "ADM22002"
│ }
│ ],
│ "status_code": 401,
│ "trace": "ed483ca4-9dea-4dc4-9f24-736fd1b90605"
│ },
│ "RawResult": null
│ }
│
│
│ with module.create_scc_instance.ibm_scc_instance_settings.scc_instance_settings,
│ on ../../main.tf line 42, in resource "ibm_scc_instance_settings" "scc_instance_settings":
│ 42: resource "ibm_scc_instance_settings" "scc_instance_settings" {
│
╵}
While trying to use `ibm_scc_instance_settings` to connect a COS bucket to an SCC instance, the terraform apply failed with the error below saying there was a missing auth policy between SCC and COS. However, as you can see from the logs (and the code), the auth policy WAS created by terraform. We even added a 30 second sleep after it was created before calling `ibm_scc_instance_settings` to ensure it existed, yet we hit the error.
ERROR:
Proof that auth policy got created:
Community Note
Terraform CLI and Terraform IBM Provider Version
ibm provider 1.62.0 tf 1.5.7
Affected Resource(s)
Terraform Configuration Files
Run terraform apply on -> https://github.com/terraform-ibm-modules/terraform-ibm-scc/tree/main/examples/complete
Debug Output
terraform-ibm-scc-test-logs-240220-112259.tar.gz
Panic Output
Expected Behavior
No error
Actual Behavior
Error as per above
Steps to Reproduce
terraform apply
Important Factoids
After the issue occurred, I manually went to the instance and was able to attach the COS bucket. This might have worked if I did a re-apply of the terraform code, but I did not have access to the statefile in order to do that.
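For CI runs like the weekly tests mentioned above, one way to recognise this specific failure in captured `terraform apply` output and pull out the trace ID and resource address for a support case. This is an added example, not code from the issue or from the IBM provider; the function names are hypothetical, the sample is a shortened copy of the error shown above, and treating HTTP 401 plus ref `ADM22002` as the signature is an assumption based on this one response.

```python
import json
import re

# Constructed sample: shortened copy of the error output quoted in this issue.
SAMPLE = """\
│ Error: UpdateSettingsWithContext failed A service-to-service authorization policy is missing between Cloud Object Storage and Security and Compliance Center.
│ {
│ "StatusCode": 401,
│ "Result": {
│ "errors": [
│ {"code": "Unauthorized", "ref": "ADM22002"}
│ ],
│ "status_code": 401,
│ "trace": "ed483ca4-9dea-4dc4-9f24-736fd1b90605"
│ },
│ "RawResult": null
│ }
│
│ with module.create_scc_instance.ibm_scc_instance_settings.scc_instance_settings,
╵}
"""

def parse_provider_error(output):
    """Extract status, error refs, trace ID and resource from Terraform error text."""
    # Drop the box-drawing gutter Terraform prints in front of each diagnostic line.
    text = "\n".join(re.sub(r"^[│╷╵]\s?", "", ln) for ln in output.splitlines())
    start = re.search(r"^\{", text, re.M)
    if not start:
        return None
    try:
        # raw_decode stops at the end of the JSON object and ignores trailing text.
        body, _ = json.JSONDecoder().raw_decode(text, start.start())
    except json.JSONDecodeError:
        return None
    result = body.get("Result") or {}
    resource = re.search(r"with ([\w.\[\]\"-]+),", text)
    return {
        "status": body.get("StatusCode"),
        "refs": [e.get("ref") for e in result.get("errors", [])],
        "trace": result.get("trace"),
        "resource": resource.group(1) if resource else None,
    }

def is_missing_s2s_policy(parsed):
    """Assumed signature of this failure: 401 with ref ADM22002, as seen in the issue."""
    return bool(parsed) and parsed["status"] == 401 and "ADM22002" in parsed["refs"]
```
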