PaloAltoNetworks / terraform-provider-prismacloud

Terraform PrismaCloud provider
https://www.terraform.io/docs/providers/prismacloud/
Mozilla Public License 2.0

Error 'storage_scan_config_incorrect' when creating AWS account using prismacloud_cloud_account_v2 #216

Closed erikpaasonen closed 1 year ago

erikpaasonen commented 1 year ago

Describe the bug

unable to "onboard" an AWS account to Prisma Cloud using the newly released prismacloud_cloud_account_v2 Terraform resource.

Expected behavior

Current behavior

Terraform fails on the apply phase with the following error message:

Error: 400/https://api.prismacloud.io/cas/v1/aws_account Error(msg:storage_scan_config_incorrect severity:error subject:invalid_parameter_value)

  with prismacloud_cloud_account_v2.test,
  on main.tf line 15, in resource "prismacloud_cloud_account_v2" "test":
  15: resource "prismacloud_cloud_account_v2" "test" {

Error running terraform apply   (exit status 1)

Possible solution

fix the API to not require a storage_scan_config for non-GCP non-IBM type accounts? not sure... this appears to be a provider bug with respect to the corresponding API endpoint.

Steps to reproduce

contents of main.tf:

data "prismacloud_aws_cft_generator" "test" {
  account_type = "account"
  account_id   = var.account_id
}

data "prismacloud_account_group" "test" {
  name = "my_test_group"
}

data "prismacloud_account_supported_features" "test" {
  cloud_type   = "aws"
  account_type = "account"
}

resource "prismacloud_cloud_account_v2" "test" {
  aws {
    name       = var.account_name
    account_id = var.account_id
    group_ids  = [data.prismacloud_account_group.test.group_id]
    role_arn   = var.role_arn

    dynamic "features" {
      for_each = data.prismacloud_account_supported_features.test.supported_features
      content {
        name  = features.value
        state = "enabled"
      }
    }
  }
}

  1. terraform init
  2. terraform apply

Context

currently we onboard AWS accounts using the old prismacloud_cloud_account Terraform resource. the prismacloud_cloud_account_v2 resource was recently released and we are trying to refactor our Terraform code to use it.

Your Environment

ftbrecordspan commented 1 year ago

Thanks for raising, @erikpaasonen. We'll have a look.

nikitapanw commented 1 year ago

@erikpaasonen, the issue is caused by the Data Security feature in the account onboarding features block. If you are blocked by this issue, you can remove it from the features block, or wait until we release a fix; we will release a fix for this issue next week.
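
The workaround described in the comment above, written out as Terraform: the Data Security feature is filtered out of the list returned by prismacloud_account_supported_features before it reaches the dynamic features block. This is an added example, not code from the thread or from the provider project; the locals and the output name are hypothetical, and the exact string the data source returns for the feature is an assumption to confirm against your own tenant.

```hcl
# Added example (not from the issue thread or the provider's own docs).
variable "account_id" { type = string }
variable "account_name" { type = string }
variable "role_arn" { type = string }

data "prismacloud_account_group" "test" {
  name = "my_test_group"
}

data "prismacloud_account_supported_features" "test" {
  cloud_type   = "aws"
  account_type = "account"
}

locals {
  # Assumption: the data source reports the feature under this exact name.
  # Confirm the real string with `terraform console` before relying on it.
  excluded_features = ["Data Security"]

  supported_features = data.prismacloud_account_supported_features.test.supported_features

  # Keep every supported feature except the excluded ones.
  onboarding_features = [
    for f in local.supported_features : f
    if !contains(local.excluded_features, f)
  ]
}

resource "prismacloud_cloud_account_v2" "test" {
  aws {
    name       = var.account_name
    account_id = var.account_id
    group_ids  = [data.prismacloud_account_group.test.group_id]
    role_arn   = var.role_arn

    dynamic "features" {
      for_each = local.onboarding_features
      content {
        name  = features.value
        state = "enabled"
      }
    }
  }
}

# Shows which features were left out, so the reduced coverage is visible in
# plan output and the filter can be dropped once the fixed release is in use.
output "skipped_features" {
  value = [for f in local.supported_features : f if contains(local.excluded_features, f)]
}
```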

AnushreeHS commented 1 year ago

@erikpaasonen Thanks for opening the issue. This is released with terraform version = "1.3.8". Closing the issue. Thanks.