oci_logging_log output missing key/value pair when running terraform plan(apply works fine)

[luckeyca]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

Terraform v1.4.5 on linux_amd64

• provider registry.terraform.io/oracle/oci v4.122.0

Affected Resource(s)

oci_logging_log

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. 
# Please remove any sensitive information from configuration files before sharing them. 

resource "oci_core_subnet" "these" {
  for_each = { for k, v in flatten([
    for subnet in var.subnets : [
      for route_table in oci_core_route_table.subnets : {
        cidr_block     = subnet.cidr_block
        display_name   = subnet.display_name
        dns_label      = subnet.dns_label
        route_table_id = route_table.id
      } if var.vcn_deploy && length(var.subnets) != 0 && startswith(route_table.display_name, subnet.dns_label)
    ]
  ]) : k => v if var.vcn_deploy && length(var.subnets) != 0 }
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.this[0].id
  cidr_block     = each.value.cidr_block

  route_table_id             = each.value.route_table_id
  display_name               = each.value.display_name
  dns_label                  = each.value.dns_label
  prohibit_internet_ingress  = var.is_dmz_vcn ? false : true
  prohibit_public_ip_on_vnic = var.is_dmz_vcn ? false : true

  freeform_tags = var.freeform_tags
}

####################
# Network Flow Log #
####################

resource "oci_logging_log" "these" {
  for_each = {
    for subnet in oci_core_subnet.these : subnet.display_name => subnet.id if var.vcn_deploy && length(var.subnets) != 0
  }

  display_name = format("%s-%s", each.key, "flowlog")
  configuration {
    source {
      category    = "all"
      resource    = each.value
      service     = "flowlogs"
      source_type = "OCISERVICE"
    }

    compartment_id = var.subnet_flowlog_compartment_ocid
  }

  log_group_id = var.subnet_flowlog_log_group_ocid
  log_type     = "SERVICE"

  freeform_tags      = var.subnet_flowlog_freeform_tags
  is_enabled         = true
  retention_duration = var.subnet_flowlog_log_retention_duration
}

output "subnet_flowlogs" {
  description = "Subnet Flowlog Information"
  value = [for log in oci_logging_log.these : {
    display_name       = log.display_name
    flowlog_ocid       = log.id
    retention_duration = log.retention_duration
    }
  ]
}

Expected Behavior

As the example code snippet, I created a new map for subnet flow logs. The expected on-screen outupt when running terraform plan should be as below:

 + dmz_all_subnet_flowlogs                      = [
      + {
          + display_name       = "dmz-app-subnet-flowlog"
          + flowlog_ocid       = (known after apply)
          + retention_duration = 90
        },
      + {
          + display_name       = "dmz-firewall-subnet-flowlog"
          + flowlog_ocid       = (known after apply)
          + retention_duration = 90
        },
      + {
          + display_name       = "dmz-proxy-subnet-flowlog"
          + flowlog_ocid       = (known after apply)
          + retention_duration = 90
        },
    ]

Actual Behavior

When running terraform plan, the flowlog_ocid = (known after apply) line is missing, the on-screen display is as below

 + dmz_all_subnet_flowlogs                      = [
      + {
          + display_name       = "dmz-app-subnet-flowlog"
          + retention_duration = 90
        },
      + {
          + display_name       = "dmz-firewall-subnet-flowlog"
          + retention_duration = 90
        },
      + {
          + display_name       = "dmz-proxy-subnet-flowlog"
          + retention_duration = 90
        },
    ]

NOTE: terraform apply does produce the correct list map with flowlog_ocid and its value.

Steps to Reproduce

1. use the code snippet above to create a list of subnets, tcreate flow log for each subnet and then enable output with the list map as shown in the code example
2. run terraform plan. you will see flowlog_ocid line is missing
3. terraform apply. this will show all 3 key/value pairs correctly with flawlog_ocid included.

Important Factoids

References

[tf-oci-pub]

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.