[scc] Failure when attempting to update schedule for resource ibm_scc_profile_attachment

jor2 commented 2 days ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

Affected Resource(s)

ibm_scc_profile_attachment

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

main.tf

locals {
  scc_instance_id = ""
  scc_profile_id = ""
  account_id = ""
  resource_group_id = ""
}

data "ibm_scc_profile" "scc_profile" {
  instance_id = local.scc_instance_id
  profile_id  = local.scc_profile_id
}

resource "ibm_scc_profile_attachment" "scc_profile_attachment" {
  profile_id  = local.scc_profile_id
  instance_id = local.scc_instance_id
  name        = "test-attachment"
  description = "test-attachment description"
  # To workaround https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5207 we set schedule to 'daily' here even though 'none' was passed in.
  # The end result will be the schedule being set to none since the 'status' option below sets that.
  schedule = "every_30_days"
  status   = "disabled"

  scope {
    environment = "ibm-cloud"
    properties {
      name  = "scope_type"
      value = "account"
    }
    properties {
      name  = "scope_id"
      value = local.account_id
    }
    properties {
      name  = "scope_type"
      value = "account.resource_group"
    }
    properties {
      name  = "scope_id"
      value = local.resource_group_id
    }
  }

  dynamic "attachment_parameters" {
    for_each = data.ibm_scc_profile.scc_profile.default_parameters
    content {
      parameter_name         = attachment_parameters.value["parameter_name"]
      parameter_display_name = attachment_parameters.value["parameter_display_name"]
      parameter_type         = attachment_parameters.value["parameter_type"]
      parameter_value        = attachment_parameters.value["parameter_default_value"]
      assessment_type        = attachment_parameters.value["assessment_type"]
      assessment_id          = attachment_parameters.value["assessment_id"]
    }
  }

  notifications {
    enabled = false
    controls {
      failed_control_ids = []
      threshold_limit    = 15
    }
  }
}

provider.tf

########################################################################################################################
# Provider config
########################################################################################################################

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = "us-south"
}

version.tf

terraform {
  required_version = ">= 1.3.0"
  # Lock DA into an exact provider version - renovate automation will keep it updated
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.69.2"
    }
    time = {
      source  = "hashicorp/time"
      version = "0.12.1"
    }
  }
}

Debug Output

{"description":"test-attachment description","instance_id":"908669fa-f9f4-4f20-82b2-ebc943800989","name":"test-attachment","notifications":{"enabled":false,"controls":{"threshold_limit":15}},"profile_id":"0c8b9026-9c77-4384-9f6e-7bed5c25c49f","schedule":"every_7_days","scope":[{"environment":"ibm-cloud","properties":[{"name":"scope_type","value":"account"},{"name":"scope_id","value":"abac0df06b644a9cabc6e44f55b3880e"}]}],"status":"disabled"}: timestamp="2024-10-10T14:40:11.699+0100"
2024-10-10T14:40:11.699+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:11 [DEBUG] PUT https://us-south.compliance.cloud.ibm.com/instances/908669fa-f9f4-4f20-82b2-ebc943800989/v3/profiles/0c8b9026-9c77-4384-9f6e-7bed5c25c49f/attachments/47dce544-8d8e-47a1-9706-7ce23db42e9d: timestamp="2024-10-10T14:40:11.699+0100"
2024-10-10T14:40:13.688+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:13 [Debug] Response:
HTTP/2.0 400 Bad Request
Content-Length: 176
Cache-Control: no-store
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d07055628a25d42-FRA
Content-Type: application/json; charset=utf-8
Date: Thu, 10 Oct 2024 13:40:13 GMT
Server: cloudflare
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transaction-Id: f9de01bd-4ecd-4112-9ea6-435cd8d55671
X-Content-Type-Options: nosniff
X-Correlation-Id: 59fd8c0d-de51-4224-8d56-ca40d43cdb23
X-Envoy-Upstream-Service-Time: 1129
X-Request-Id: 4ff53f69-aafb-4560-bdeb-49c8585af294

{"errors":[{"code":"bad_request","message":"Necessary attachment parameters are not available to create or update attachment."}],"trace":"59fd8c0d-de51-4224-8d56-ca40d43cdb23"}: timestamp="2024-10-10T14:40:13.688+0100"
2024-10-10T14:40:13.689+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: ReplaceProfileAttachmentWithContext failed Necessary attachment parameters are not available to create or update attachment.
{
    "StatusCode": 400,
    "Headers": {
        "Cache-Control": [
            "no-store"
        ],
        "Cf-Cache-Status": [
            "DYNAMIC"
        ],
        "Cf-Ray": [
            "8d07055628a25d42-FRA"
        ],
        "Content-Length": [
            "176"
        ],
        "Content-Type": [
            "application/json; charset=utf-8"
        ],
        "Date": [
            "Thu, 10 Oct 2024 13:40:13 GMT"
        ],
        "Server": [
            "cloudflare"
        ],
        "Strict-Transport-Security": [
            "max-age=31536000; includeSubDomains"
        ],
        "Transaction-Id": [
            "f9de01bd-4ecd-4112-9ea6-435cd8d55671"
        ],
        "X-Content-Type-Options": [
            "nosniff"
        ],
        "X-Correlation-Id": [
            "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
        ],
        "X-Envoy-Upstream-Service-Time": [
            "1129"
        ],
        "X-Request-Id": [
            "4ff53f69-aafb-4560-bdeb-49c8585af294"
        ]
    },
    "Result": {
        "errors": [
            {
                "code": "bad_request",
                "message": "Necessary attachment parameters are not available to create or update attachment."
            }
        ],
        "trace": "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
    },
    "RawResult": null
}: timestamp="2024-10-10T14:40:13.689+0100"
2024-10-10T14:40:13.699+0100 [ERROR] provider.terraform-provider-ibm_v1.69.2: Response contains error diagnostic: tf_resource_type=ibm_scc_profile_attachment tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_detail="" diagnostic_severity=ERROR

Panic Output

Expected Behavior

It should have updated or recreated the attachment parameter with the new values provided.

Actual Behavior

It fails when attempting to update the schedule.

Steps to Reproduce

Run terraform apply on the above code after providing the necessary values in locals. After the apply is complete you should update the attachment schedule from every_30_days to every_7_day and once again run terraform apply. It will fail with the above listed error.

Important Factoids

References

0000

jor2 commented 2 days ago

There is one more issue I came across where when I update the status variable from enabled to disabled and run terraform apply it will appear as if it is changing the value, but if I then run terraform apply again it will show the value has not actually updated to disabled and is in fact still enabled. This also applies when you update the resource group in the scope.

jor2 commented 2 days ago

Profile AI Security Guardrails 2.0 was used in testing.

jor2 commented 2 days ago

Full trace logs

2024-10-10T14:40:10.378+0100 [INFO]  backend/local: apply calling Apply
2024-10-10T14:40:10.378+0100 [DEBUG] Building and walking apply graph for NormalMode plan
2024-10-10T14:40:10.381+0100 [DEBUG] ProviderTransformer: "ibm_scc_profile_attachment.scc_profile_attachment" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/ibm-cloud/ibm"]
2024-10-10T14:40:10.381+0100 [DEBUG] ProviderTransformer: "ibm_scc_profile_attachment.scc_profile_attachment (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ibm-cloud/ibm"]
2024-10-10T14:40:10.381+0100 [DEBUG] ProviderTransformer: "data.ibm_scc_profile.scc_profile (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ibm-cloud/ibm"]
2024-10-10T14:40:10.381+0100 [DEBUG] pruning unused provider["registry.terraform.io/hashicorp/time"]
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "local.account_id (expand)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_cos_instance_crn" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.cos_instance_tags" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.provision_scc_workload_protection" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_monitoring_crn" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_workload_protection_resource_key_tags" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.add_bucket_name_suffix" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_scc_instance_crn" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_en_from_email" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.skip_scc_cos_auth_policy" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.resource_group_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_cos_bucket_access_tags" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_cos_bucket_class (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.attachment_schedule (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.kms_endpoint_type" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.use_existing_resource_group" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_service_plan" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.skip_scc_workload_protection_auth_policy" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_cos_key_ring_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "local.scc_profile_id (expand)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_instance_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "local.resource_group_id (expand)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "ibm_scc_profile_attachment.scc_profile_attachment" references: [local.scc_profile_id (expand) local.scc_instance_id (expand) data.ibm_scc_profile.scc_profile (expand) local.account_id (expand)]
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_workload_protection_instance_tags" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_cos_bucket_class" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_en_crn" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.prefix" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.profile_attachments" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_workload_protection_service_plan (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.management_endpoint_type_for_bucket (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "ibm_scc_profile_attachment.scc_profile_attachment (expand)" references: [local.scc_instance_id (expand) local.scc_profile_id (expand) data.ibm_scc_profile.scc_profile (expand) local.account_id (expand)]
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_en_reply_to_email" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_scc_cos_bucket_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_en_email_list" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.attachment_schedule" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_workload_protection_service_plan" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.ibmcloud_api_key" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.cos_region" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_workload_protection_access_tags (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_activity_tracker_crn" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_workload_protection_access_tags" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.management_endpoint_type_for_bucket" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_cos_key_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.kms_endpoint_type (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/ibm-cloud/ibm\"]" references: [var.ibmcloud_api_key]
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "data.ibm_scc_profile.scc_profile (expand)" references: [local.scc_instance_id (expand) local.scc_profile_id (expand)]
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.cos_instance_access_tags" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_cos_bucket_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_kms_instance_crn" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.cos_instance_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.resource_groups_scope (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "local.scc_instance_id (expand)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.existing_scc_cos_kms_key_crn" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.skip_cos_kms_auth_policy" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_workload_protection_instance_name" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_instance_tags" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_service_plan (validation)" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.scc_region" references: []
2024-10-10T14:40:10.382+0100 [DEBUG] ReferenceTransformer: "var.resource_groups_scope" references: []
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.scc_cos_bucket_class (validation) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.attachment_schedule (validation) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: local.resource_group_id (expand) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.scc_workload_protection_service_plan (validation) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.management_endpoint_type_for_bucket (validation) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.scc_workload_protection_access_tags (validation) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.kms_endpoint_type (validation) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.scc_service_plan (validation) is no longer needed, removing
2024-10-10T14:40:10.383+0100 [DEBUG] pruneUnusedNodes: var.resource_groups_scope (validation) is no longer needed, removing
2024-10-10T14:40:10.384+0100 [DEBUG] Starting graph walk: walkApply
2024-10-10T14:40:10.385+0100 [DEBUG] created provider logger: level=debug
2024-10-10T14:40:10.385+0100 [INFO]  provider: configuring client automatic mTLS
2024-10-10T14:40:10.390+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/ibm-cloud/ibm/1.69.2/darwin_arm64/terraform-provider-ibm_v1.69.2 args=[".terraform/providers/registry.terraform.io/ibm-cloud/ibm/1.69.2/darwin_arm64/terraform-provider-ibm_v1.69.2"]
2024-10-10T14:40:10.396+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/ibm-cloud/ibm/1.69.2/darwin_arm64/terraform-provider-ibm_v1.69.2 pid=59050
2024-10-10T14:40:10.396+0100 [DEBUG] provider: waiting for RPC address: plugin=.terraform/providers/registry.terraform.io/ibm-cloud/ibm/1.69.2/darwin_arm64/terraform-provider-ibm_v1.69.2
2024-10-10T14:40:10.438+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: 2024-10-10 14:40:10.438639 I | IBM Cloud Provider version 1.69.2  
2024-10-10T14:40:10.439+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: configuring server automatic mTLS: timestamp="2024-10-10T14:40:10.439+0100"
2024-10-10T14:40:10.465+0100 [DEBUG] provider: using plugin: version=5
2024-10-10T14:40:10.465+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: plugin address: address=/var/folders/3j/1nh3xl_94_q8k__yn_q_mw580000gn/T/plugin1526399618 network=unix timestamp="2024-10-10T14:40:10.464+0100"
2024-10-10T14:40:10.493+0100 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/ibm-cloud/ibm\"]" changed the config value, but that value is unused
2024-10-10T14:40:10.493+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: Configuring IBM Cloud Session with API key: timestamp="2024-10-10T14:40:10.493+0100"
2024-10-10T14:40:10.493+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: Configured Region: us-south: timestamp="2024-10-10T14:40:10.493+0100"
2024-10-10T14:40:10.869+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: Configuring SoftLayer Session with token from IBM Cloud Session: timestamp="2024-10-10T14:40:10.869+0100"
2024-10-10T14:40:10.870+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: [DEBUG] REQUEST: [2024-10-10T14:40:10+01:00] POST /cloudfoundry/login/us-south/oauth/token HTTP/1.1
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Host: iam.cloud.ibm.com
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Accept: application/json
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Accept-Language: en
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Authorization: [PRIVATE DATA HIDDEN]
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Content-Type: application/x-www-form-urlencoded
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: User-Agent: Bluemix-go SDK 0.1 / darwin
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Original-User-Agent: terraform-provider-ibm/1.69.2
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2
2024-10-10T14:40:10.871+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: grant_type=password&password=[PRIVATE DATA HIDDEN]&scope=&username=apikey
2024-10-10T14:40:11.025+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: [DEBUG] RESPONSE: [2024-10-10T14:40:11+01:00] Elapsed: 155ms HTTP/1.1 404 Not Found
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Connection: close
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Content-Length: 0
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Akamai-Grn: 0.1f601302.1728567611.198c1655
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Cache-Control: no-cache, no-store, must-revalidate
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Content-Language: en-US
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Date: Thu, 10 Oct 2024 13:40:11 GMT
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Expires: 0
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Pragma: no-cache
2024-10-10T14:40:11.026+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Transaction-Id: bGd2a2w-9723a8ade5394236841fe829e0344d20
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Content-Type-Options: nosniff
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Correlation-Id: bGd2a2w-9723a8ade5394236841fe829e0344d20
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Proxy-Upstream-Service-Time: 13
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Request-Id: a4c324e3-4401-4f1e-975a-6604ad5cb371
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: [DEBUG] REQUEST: [2024-10-10T14:40:11+01:00] POST /cloudfoundry/login/us-south/oauth/token HTTP/1.1
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Host: iam.cloud.ibm.com
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Accept: application/json
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Accept-Language: en
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Authorization: [PRIVATE DATA HIDDEN]
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Content-Type: application/x-www-form-urlencoded
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: User-Agent: Bluemix-go SDK 0.1 / darwin
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Original-User-Agent: terraform-provider-ibm/1.69.2
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2
2024-10-10T14:40:11.028+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: grant_type=password&password=[PRIVATE DATA HIDDEN]&scope=&username=apikey
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: [DEBUG] RESPONSE: [2024-10-10T14:40:11+01:00] Elapsed: 161ms HTTP/1.1 404 Not Found
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Connection: close
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Content-Length: 0
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Akamai-Grn: 0.74601302.1728567611.8f47e56
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Cache-Control: no-cache, no-store, must-revalidate
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Content-Language: en-US
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Date: Thu, 10 Oct 2024 13:40:11 GMT
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Expires: 0
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Pragma: no-cache
2024-10-10T14:40:11.189+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-10-10T14:40:11.190+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: Transaction-Id: bmd4Yno-2761e19a4ce2469788b893853ab06529
2024-10-10T14:40:11.190+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Content-Type-Options: nosniff
2024-10-10T14:40:11.190+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Correlation-Id: bmd4Yno-2761e19a4ce2469788b893853ab06529
2024-10-10T14:40:11.190+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Proxy-Upstream-Service-Time: 11
2024-10-10T14:40:11.190+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: X-Request-Id: 532d8f23-4d08-40fa-b641-7af3389831fd
2024-10-10T14:40:11.190+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2
ibm_scc_profile_attachment.scc_profile_attachment: Modifying... [id=908669fa-f9f4-4f20-82b2-ebc943800989/0c8b9026-9c77-4384-9f6e-7bed5c25c49f/47dce544-8d8e-47a1-9706-7ce23db42e9d]
2024-10-10T14:40:11.314+0100 [INFO]  Starting apply for ibm_scc_profile_attachment.scc_profile_attachment
2024-10-10T14:40:11.350+0100 [DEBUG] ibm_scc_profile_attachment.scc_profile_attachment: applying the planned Update change
2024-10-10T14:40:11.382+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:11 [Debug] Request:
POST /identity/token HTTP/1.1
Host: iam.cloud.ibm.com
User-Agent: ibm-go-sdk-core/iam-authenticator-5.17.4 (arch=arm64; os=darwin; go.version=go1.22.7)
Content-Length: 135
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

apikey=[redacted]&grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&response_type=cloud_iam: timestamp="2024-10-10T14:40:11.382+0100"
2024-10-10T14:40:11.382+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:11 [Debug] Invoking IAM 'get token' operation: https://iam.cloud.ibm.com/identity/token: timestamp="2024-10-10T14:40:11.382+0100"
2024-10-10T14:40:11.693+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:11 [Debug] Returned from IAM 'get token' operation, received status code 200: timestamp="2024-10-10T14:40:11.692+0100"
2024-10-10T14:40:11.698+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:11 [Debug] Response:
HTTP/1.1 200 OK
Akamai-Grn: 0.1f601302.1728567611.198c1746
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Language: en-US
Content-Type: application/json
Date: Thu, 10 Oct 2024 13:40:11 GMT
Expires: 0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transaction-Id: Z3piazg-2427eaf9d50e4a1c947826a7ef7362b8
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Correlation-Id: Z3piazg-2427eaf9d50e4a1c947826a7ef7362b8
X-Proxy-Upstream-Service-Time: 151
X-Request-Id: 48ec12ce-60cd-45c2-94ab-d68b27544d3b

{"access_token":"[redacted]","refresh_token":"[redacted]","ims_user_id":10480572,"token_type":"Bearer","expires_in":3600,"expiration":1728571208,"scope":"ibm openid"}: timestamp="2024-10-10T14:40:11.698+0100"
2024-10-10T14:40:11.699+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:11 [Debug] Request:
PUT /instances/908669fa-f9f4-4f20-82b2-ebc943800989/v3/profiles/0c8b9026-9c77-4384-9f6e-7bed5c25c49f/attachments/47dce544-8d8e-47a1-9706-7ce23db42e9d HTTP/1.1
Host: us-south.compliance.cloud.ibm.com
User-Agent: scc-go-sdk/5.4.1 (lang=go; arch=arm64; os=darwin; go.version=go1.22.7)
Content-Length: 446
Accept: application/json
Authorization: [redacted]
Content-Type: application/json
X-Original-User-Agent: terraform-provider-ibm/1.69.2
Accept-Encoding: gzip

{"description":"test-attachment description","instance_id":"908669fa-f9f4-4f20-82b2-ebc943800989","name":"test-attachment","notifications":{"enabled":false,"controls":{"threshold_limit":15}},"profile_id":"0c8b9026-9c77-4384-9f6e-7bed5c25c49f","schedule":"every_7_days","scope":[{"environment":"ibm-cloud","properties":[{"name":"scope_type","value":"account"},{"name":"scope_id","value":"abac0df06b644a9cabc6e44f55b3880e"}]}],"status":"disabled"}: timestamp="2024-10-10T14:40:11.699+0100"
2024-10-10T14:40:11.699+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:11 [DEBUG] PUT https://us-south.compliance.cloud.ibm.com/instances/908669fa-f9f4-4f20-82b2-ebc943800989/v3/profiles/0c8b9026-9c77-4384-9f6e-7bed5c25c49f/attachments/47dce544-8d8e-47a1-9706-7ce23db42e9d: timestamp="2024-10-10T14:40:11.699+0100"
2024-10-10T14:40:13.688+0100 [INFO]  provider.terraform-provider-ibm_v1.69.2: 2024/10/10 14:40:13 [Debug] Response:
HTTP/2.0 400 Bad Request
Content-Length: 176
Cache-Control: no-store
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8d07055628a25d42-FRA
Content-Type: application/json; charset=utf-8
Date: Thu, 10 Oct 2024 13:40:13 GMT
Server: cloudflare
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transaction-Id: f9de01bd-4ecd-4112-9ea6-435cd8d55671
X-Content-Type-Options: nosniff
X-Correlation-Id: 59fd8c0d-de51-4224-8d56-ca40d43cdb23
X-Envoy-Upstream-Service-Time: 1129
X-Request-Id: 4ff53f69-aafb-4560-bdeb-49c8585af294

{"errors":[{"code":"bad_request","message":"Necessary attachment parameters are not available to create or update attachment."}],"trace":"59fd8c0d-de51-4224-8d56-ca40d43cdb23"}: timestamp="2024-10-10T14:40:13.688+0100"
2024-10-10T14:40:13.689+0100 [DEBUG] provider.terraform-provider-ibm_v1.69.2: ReplaceProfileAttachmentWithContext failed Necessary attachment parameters are not available to create or update attachment.
{
    "StatusCode": 400,
    "Headers": {
        "Cache-Control": [
            "no-store"
        ],
        "Cf-Cache-Status": [
            "DYNAMIC"
        ],
        "Cf-Ray": [
            "8d07055628a25d42-FRA"
        ],
        "Content-Length": [
            "176"
        ],
        "Content-Type": [
            "application/json; charset=utf-8"
        ],
        "Date": [
            "Thu, 10 Oct 2024 13:40:13 GMT"
        ],
        "Server": [
            "cloudflare"
        ],
        "Strict-Transport-Security": [
            "max-age=31536000; includeSubDomains"
        ],
        "Transaction-Id": [
            "f9de01bd-4ecd-4112-9ea6-435cd8d55671"
        ],
        "X-Content-Type-Options": [
            "nosniff"
        ],
        "X-Correlation-Id": [
            "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
        ],
        "X-Envoy-Upstream-Service-Time": [
            "1129"
        ],
        "X-Request-Id": [
            "4ff53f69-aafb-4560-bdeb-49c8585af294"
        ]
    },
    "Result": {
        "errors": [
            {
                "code": "bad_request",
                "message": "Necessary attachment parameters are not available to create or update attachment."
            }
        ],
        "trace": "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
    },
    "RawResult": null
}: timestamp="2024-10-10T14:40:13.689+0100"
2024-10-10T14:40:13.699+0100 [ERROR] provider.terraform-provider-ibm_v1.69.2: Response contains error diagnostic: tf_resource_type=ibm_scc_profile_attachment tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_detail="" diagnostic_severity=ERROR
  diagnostic_summary=
  | ReplaceProfileAttachmentWithContext failed Necessary attachment parameters are not available to create or update attachment.
  | {
  |     "StatusCode": 400,
  |     "Headers": {
  |         "Cache-Control": [
  |             "no-store"
  |         ],
  |         "Cf-Cache-Status": [
  |             "DYNAMIC"
  |         ],
  |         "Cf-Ray": [
  |             "8d07055628a25d42-FRA"
  |         ],
  |         "Content-Length": [
  |             "176"
  |         ],
  |         "Content-Type": [
  |             "application/json; charset=utf-8"
  |         ],
  |         "Date": [
  |             "Thu, 10 Oct 2024 13:40:13 GMT"
  |         ],
  |         "Server": [
  |             "cloudflare"
  |         ],
  |         "Strict-Transport-Security": [
  |             "max-age=31536000; includeSubDomains"
  |         ],
  |         "Transaction-Id": [
  |             "f9de01bd-4ecd-4112-9ea6-435cd8d55671"
  |         ],
  |         "X-Content-Type-Options": [
  |             "nosniff"
  |         ],
  |         "X-Correlation-Id": [
  |             "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
  |         ],
  |         "X-Envoy-Upstream-Service-Time": [
  |             "1129"
  |         ],
  |         "X-Request-Id": [
  |             "4ff53f69-aafb-4560-bdeb-49c8585af294"
  |         ]
  |     },
  |     "Result": {
  |         "errors": [
  |             {
  |                 "code": "bad_request",
  |                 "message": "Necessary attachment parameters are not available to create or update attachment."
  |             }
  |         ],
  |         "trace": "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
  |     },
  |     "RawResult": null
  | }
   tf_proto_version=5.4 tf_provider_addr=provider tf_req_id=c9791b0c-6eed-4a93-9803-0c3b0ed5cd5d timestamp="2024-10-10T14:40:13.699+0100"
2024-10-10T14:40:13.766+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-10-10T14:40:13.766+0100 [ERROR] vertex "ibm_scc_profile_attachment.scc_profile_attachment" error: ReplaceProfileAttachmentWithContext failed Necessary attachment parameters are not available to create or update attachment.
{
    "StatusCode": 400,
    "Headers": {
        "Cache-Control": [
            "no-store"
        ],
        "Cf-Cache-Status": [
            "DYNAMIC"
        ],
        "Cf-Ray": [
            "8d07055628a25d42-FRA"
        ],
        "Content-Length": [
            "176"
        ],
        "Content-Type": [
            "application/json; charset=utf-8"
        ],
        "Date": [
            "Thu, 10 Oct 2024 13:40:13 GMT"
        ],
        "Server": [
            "cloudflare"
        ],
        "Strict-Transport-Security": [
            "max-age=31536000; includeSubDomains"
        ],
        "Transaction-Id": [
            "f9de01bd-4ecd-4112-9ea6-435cd8d55671"
        ],
        "X-Content-Type-Options": [
            "nosniff"
        ],
        "X-Correlation-Id": [
            "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
        ],
        "X-Envoy-Upstream-Service-Time": [
            "1129"
        ],
        "X-Request-Id": [
            "4ff53f69-aafb-4560-bdeb-49c8585af294"
        ]
    },
    "Result": {
        "errors": [
            {
                "code": "bad_request",
                "message": "Necessary attachment parameters are not available to create or update attachment."
            }
        ],
        "trace": "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
    },
    "RawResult": null
}
╷
│ Error: ReplaceProfileAttachmentWithContext failed Necessary attachment parameters are not available to create or update attachment.
│ {
│     "StatusCode": 400,
│     "Headers": {
│         "Cache-Control": [
│             "no-store"
│         ],
│         "Cf-Cache-Status": [
│             "DYNAMIC"
│         ],
│         "Cf-Ray": [
│             "8d07055628a25d42-FRA"
│         ],
│         "Content-Length": [
│             "176"
│         ],
│         "Content-Type": [
│             "application/json; charset=utf-8"
│         ],
│         "Date": [
│             "Thu, 10 Oct 2024 13:40:13 GMT"
│         ],
│         "Server": [
│             "cloudflare"
│         ],
│         "Strict-Transport-Security": [
│             "max-age=31536000; includeSubDomains"
│         ],
│         "Transaction-Id": [
│             "f9de01bd-4ecd-4112-9ea6-435cd8d55671"
│         ],
│         "X-Content-Type-Options": [
│             "nosniff"
│         ],
│         "X-Correlation-Id": [
│             "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
│         ],
│         "X-Envoy-Upstream-Service-Time": [
│             "1129"
│         ],
│         "X-Request-Id": [
│             "4ff53f69-aafb-4560-bdeb-49c8585af294"
│         ]
│     },
│     "Result": {
│         "errors": [
│             {
│                 "code": "bad_request",
│                 "message": "Necessary attachment parameters are not available to create or update attachment."
│             }
│         ],
│         "trace": "59fd8c0d-de51-4224-8d56-ca40d43cdb23"
│     },
│     "RawResult": null
│ }
│ 
│ 
│   with ibm_scc_profile_attachment.scc_profile_attachment,
│   on main.tf line 13, in resource "ibm_scc_profile_attachment" "scc_profile_attachment":
│   13: resource "ibm_scc_profile_attachment" "scc_profile_attachment" {
│ 
╵
2024-10-10T14:40:13.787+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-10-10T14:40:13.789+0100 [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/ibm-cloud/ibm/1.69.2/darwin_arm64/terraform-provider-ibm_v1.69.2 id=59050
2024-10-10T14:40:13.789+0100 [DEBUG] provider: plugin exited

tyao117 commented 2 days ago

i just outputted the PUT payload you are sending in(the log line that starts with {"description":"test-attachment description","instance_id":"908669fa-f9f4-4f20-82b2-ebc943800989",). The payload isn't including the parameter_attachments.

Can you verify that the profile requires 34 profile_attachments to be included?

tyao117 commented 2 days ago

I found the issue. The Update flow doesn't place the parameters during the update flow if the attachment parameters didn't change. Will work on a fix.

IBM-Cloud / terraform-provider-ibm