oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0
759 stars 675 forks source link

404-NotAuthorizedOrNotFound while creating Instance #1520

Open ashishrah2611 opened 2 years ago

ashishrah2611 commented 2 years ago

Error:

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve.

Enter a value: yes

oci_core_instance.test_instance[0]: Creating... ╷ │ Error: 404-NotAuthorizedOrNotFound │ Provider version: 4.61.0, released on 2022-01-26.
│ Service: Core Instance │ Error Message: Authorization failed or requested resource not found. │ OPC request ID: 1b42d32018453a4ce9ad7ab109fd57a6/B3A8AFCEB7C20E221594D44F8BD1BE2F/1731C4D1F61555671EF5579CD06│ Suggestion: Either the resource has been deleted or service Core Instance need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm │ │ │ with oci_core_instance.test_instance[0], │ on ocienv.tf line 110, in resource "oci_core_instance" "test_instance": │ 110: resource "oci_core_instance" "test_instance" { │ ╵

############VERSION######### PS C:\tfoci> terraform -v Terraform v1.1.4 on windows_amd64

Mine .tf

terraform { required_providers { oci = { source = "hashicorp/oci" version = "4.61.0" } } } variable "tenancy_ocid" { default = "ocid1.tenancy.oc1..a:::::::::::::::::::::::::::::::::::::::::mowcq" }

variable "user_ocid" { default = "ocid1.user.oc1..::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::h3ckq" }

variable "fingerprint" { default = "e5:94:f8:ba:e4:1a:f7:64:87:c2:20:08:8b:d5:13:78" }

variable "private_key_path" { default = "C:\tfoci\oracleidentitycloudservice_ashish.rahangdale-01-31-10-37.pem" }

variable "region" { default = "ap-seoul-1" }

variable "compartment_ocid" { default = "ocid1.compartment.oc1..:::::::::::::::::::::::::::::::::::::::::::::::::::qz4qqqfjzq" }

variable "subnet_ocid" { default = "ocid1.subnet.oc1.ap-seoul-1.::::::::::::::::::::::::::::::::::::::::::::::::::::::::ka" }

/* variable "ssh_public_key" { }

variable "ssh_private_key" { } */ provider "oci" { tenancy_ocid = var.tenancy_ocid user_ocid = var.user_ocid fingerprint = var.fingerprint private_key_path = var.private_key_path region = var.region }

data "oci_identity_availability_domain" "ad"{ compartment_id = var.tenancy_ocid ad_number = 1 }

data "oci_objectstorage_namespace" "ns" {}

Defines the number of instances to deploy

variable "num_instances" { default = "1" } variable "num_iscsi_volumes_per_instance" { default = "1" }

variable "num_paravirtualized_volumes_per_instance" { default = "2" }

variable "instance_shape" { default = "VM.Standard.E2.1.Micro" }

variable "instance_ocpus" { default = 1 }

variable "instance_shape_config_memory_in_gbs" { default = 1 }

variable "instance_image_ocid" { type = map(string)

default = {

See https://docs.us-phoenix-1.oraclecloud.com/images/

# https://docs.oracle.com/en-us/iaas/images/image/c918702c-8d3a-4895-a5f5-2e953eac4087/ 
# Oracle-provided image "Oracle-Linux-7.5-2018.10.16-0"
ap-seoul-1     = "oci1.image.oc1.ap-seoul-1.aaaaaaaacd2rve4fvn5hxktbuhp4qvoulvrmdo7ypoqadidgofeji2cfuxda"

} }

variable "db_size" { default = "50" # size in GBs }

variable "tag_namespace_description" { default = "Just a test" }

variable "tag_namespace_name" { default = "testexamples-tag-namespace" }

resource "oci_core_instance" "test_instance" { count = var.num_instances availability_domain = "${data.oci_identity_availability_domain.ad.name}" compartment_id = var.compartment_ocid display_name = "TestInstanceTest" shape = var.instance_shape

shape_config { ocpus = var.instance_ocpus memory_in_gbs = var.instance_shape_config_memory_in_gbs }

create_vnic_details { subnet_id = var.subnet_ocid display_name = "Primaryvnic" assign_public_ip = true assign_private_dns_record = true }

source_details { source_type = "image" source_id = var.instance_image_ocid[var.region] }

resource "oci_objectstorage_bucket" "TestBucketAshish1234554321" { compartment_id = "${var.compartment_ocid}" namespace = "${data.oci_objectstorage_namespace.ns.namespace}" name = "TestBucketAshish1234554321" //access_type = "NoPublicAccess" } */

icy commented 2 years ago

@ashishrah2611 What is your setting var.region? It's probably that the region doesn't match with your expected region (ap-seoul-1). I got the same issue several days ago and fixing the region was helpful. Hope this helps.

dellabeneta commented 2 years ago

hey man, did you manage to solve it? I have the same problem.

MaximShepelev commented 2 years ago

OCI provider errors might be confusing and do not give helpful hints as described here I suggest you double check your provider config (tenancy_ocid, user_ocid). Best thing to do is follow official documentation step-by-step. I noted correct tenance_ocid and user_ocid after adding RSA key to my account

famousgarkin commented 1 year ago

apparently this can eat about anything, for me it was due to wrongly passing a list of subnets to oci_core_instance.create_vnic_details.subnet_id, just forgot to one() it, you'd expect such basic type validation right in the provider, not getting up to API at all, and failing the plan

djkerya commented 1 year ago

I have the same problem

guitcastro commented 1 year ago

Yep, the error is incredible misaligned. In my case I was using a image from another region:

ocid1.image.oc1.[region].aaaaaaaaovmgmjdepm5x372pzvkq7nuwhwt3vaiexr3wfweyozl2br5e6wsq

ravinitp commented 1 year ago

Thank you for reporting the issue. We observed the affected resources are not provided in the description or it's incorrect. We request you to add it in issue description as mentioned in below format. Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource then mention affected resource as terraform. Example: affected_resources = terraform

As this works through automation, request you to follow exact syntax.

jplorier commented 1 year ago

I run in the same issue and for me, it was the image id

jfx commented 1 year ago

Same and the list of the images ocid by region is available here: https://docs.oracle.com/en-us/iaas/images/

mancier commented 1 year ago

Morning Guys!

I am facing the same issue when I try to create a VCN

│ Error: 404-NotAuthorizedOrNotFound, Authorization failed or requested resource not found.

And, until now, I havent found a way to fix

Blake-hub-cloud commented 1 year ago

Hi Guys!,

Same issue, in my case, this is presented when Packer is creating the Custom Image on Oracle OCI. The step oracle-oci: Updating image schema... presents following message.

oracle-oci: Error updating image schema: Error returned by Compute Service. Http Status Code: 404. Error Code: NotAuthorizedOrNotFound. Opc request id:

Btw, the same pipeline (same tenant, user and others ) was working a couple of months ago.

janis-ax commented 1 year ago

Same and the list of the images ocid by region is available here: https://docs.oracle.com/en-us/iaas/images/

I cannot believe how stupid this approach is. So for all others: Please double-check the image id…. it's an own ID for all locations.