Provider reports resource creation completed status prematurely

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

Terraform v1.3.5
on linux_amd64
+ provider registry.terraform.io/oracle/oci v4.100.0

Affected Resource(s)

oci_core_vcn

All. Issue should be at the provider level in general, not specific resource

Terraform Configuration Files

test deployment shell script mimicking ci/cd automated deployment, followed by automated testing with auto-destroy at the #### end. please use this script to reproduce the issue. detailed instruction is in the "step-to-reproduce" section below

#!/usr/bin/env bash

terraform init

# to ensure test environment is clean
terraform destroy -auto-approve

# deploy test code
terraform apply -auto-approve

# sleep timer to confirm oci provider issue.
# Without the sleep timer, verification using oci cli will fail randomly.
# due to this reported bug where provider reports resources as created while they were not.
# manually insert the sleep timer before run oci cli for verification is the workaround for now

# echo "sleep delay timer before terraform deployment verification"
# sleep 10s

# automated test for terraform deployment
vcn_parent_compartment_ocid=$(oci search resource structured-search --region ca-toronto-1 --query-text "QUERY vcn resources where lifeCycleState == 'AVAILABLE' && cidrBlocks == '192.168.1.0/24'" --query 'data.items[0]."compartment-id"' 2>&1)
internet_gateway_route_table_ocid=$(oci search resource structured-search --region ca-toronto-1 --query-text "QUERY routetable resources where lifeCycleState == 'AVAILABLE' && displayName == 'testigw-route-table'" --query 'data.items[0].identifier' 2>&1)

echo ''
echo "vcn_parent_compartment_ocid: $vcn_parent_compartment_ocid"
echo "internet_gateway_route_table_ocid: $internet_gateway_route_table_ocid"
echo ''

if [[ $vcn_parent_compartment_ocid = 'Query returned empty result, no output to show.' ]] || [[ $internet_gateway_route_table_ocid = 'Query returned empty result, no output to show.' ]]; then
    echo ''
    echo "deployment verification failed"
    echo ''
else
    echo ''
    echo "deployment verification succeeded"
    echo ''
fi

# destroy environment after test
terraform destroy -auto-approve

test terraform code main.tf (please add a valid parent compartment id for compartment resource and then use the shell script above to deploy):


terraform {
  required_version = ">= 1.3.5, < 2.0.0"

  required_providers {
    oci = {
      source  = "oracle/oci"
      version = ">= 4.100.0, < 5.0.0"
    }
  }
}

resource "oci_identity_compartment" "this" {
  compartment_id = <valid parent comparment id> 
  name           = "testcmp"
  description    = "testcmp"
  enable_delete  = true
}

resource "oci_core_vcn" "this" {
  compartment_id = oci_identity_compartment.this.id

  cidr_blocks  = ["192.168.1.0/24"]
  display_name = "testvcn"
  dns_label    = "testvcn"
}

resource "oci_core_route_table" "igw" {
  compartment_id = oci_identity_compartment.this.id
  display_name   = "testigw-route-table"
  vcn_id         = oci_core_vcn.this.id
}

resource "oci_core_internet_gateway" "this" {
  compartment_id = oci_identity_compartment.this.id
  vcn_id         = oci_core_vcn.this.id

  display_name   = "testigw"
  enabled        = true
  route_table_id = oci_core_route_table.igw.id
}

resource "oci_core_route_table" "subnet" {
  compartment_id = oci_identity_compartment.this.id
  display_name   = "testsubnet-route-table"
  vcn_id         = oci_core_vcn.this.id
}

resource "oci_core_subnet" "this" {
  compartment_id = oci_identity_compartment.this.id
  vcn_id         = oci_core_vcn.this.id
  cidr_block     = "192.168.1.0/26"

  route_table_id             = oci_core_route_table.subnet.id
  display_name               = "testsubnet"
  dns_label                  = "testsubnet"
  prohibit_internet_ingress  = true
  prohibit_public_ip_on_vnic = true
}

Debug Output

Panic Output

N/A

Expected Behavior

After terraform apply finishes successfully, all resources reported to be created successfully should actually be created and be queried using cli commands.

Actual Behavior

After terraform apply finishes successfully, using oci cli to query the resources immediately will resulted in empty query results.

Steps to Reproduce

save the shell script and main.tf into 2 files in the same directory
run the shell script which deploys the main.tf, run oci cli to query the resources after terraform apply completes and then destroy the deployed resources for housekeeping. please remember to insert a valid parent compartment id for the test compartment resource in main.tf above.
check in the middle of the screen output to look for the verification results. you should see something like below

vcn_parent_compartment_ocid: Query returned empty result, no output to show.
internet_gateway_route_table_ocid: Query returned empty result, no output to show.

deployment verification failed

the two variables: vcn_parent_compartment_ocid and internet_gateway_route_table_ocid will randomly shows either valid ocid, or error messages as "query returned empty result....." messages.

To workaround the issue, in the shell script, uncomment the sleep timer to add 10 seconds delay after terraform apply completes.

This shouldn't be the case as terraform provider always should report the correct resource creation status before exit.

oracle / terraform-provider-oci