OCI maintained defined tags triggers replacement in load balancer logs

[dhoogfr]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

Terraform v1.4.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/oracle/oci v5.0.0

Affected Resource(s)

oci_logging_log oci_load_balancer_load_balancer

Terraform Configuration Files

As per issue #1283 , I included the ignore_defined_tags to the provider. And although this worked for other resources, Terraform still wants to remove the tags after the initial creation.

provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
  region           = var.target_region
  ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
}

resource "oci_logging_log" "gdb_lb_app1_log_error" {
  display_name = replace("log-${var.lb_dgpl_tst_config.display_name}-error", " ", "-")
  log_group_id = data.terraform_remote_state.shared.outputs.log_group_network_default_id
  log_type     = "SERVICE"

  configuration {
    source {
      category    = "error"
      resource    = oci_load_balancer_load_balancer.dgpl_tst.id
      service     = "loadbalancer"
      source_type = "OCISERVICE"
    }

    compartment_id = oci_identity_compartment.app.id
  }
  defined_tags       = var.env_default_tags_tst
  is_enabled         = true
  retention_duration = 30
}

Debug Output

The following debug output was from Terraform version Terraform v1.4.6 with oci plugin version v4.119.0, but the issue remains the same with the latest versions.

https://gist.github.com/dhoogfr/ceaa2fc7088f02c4306a9fcf469f9cf8

Panic Output

Expected Behavior

Terraform should ignore the Oracle maintained defined tags

Actual Behavior

Terraform wants to drop and recreate the load balancer logs. (not only remove the tags). Because of the replacement, the issue keeps popping up with each deployment.

Steps to Reproduce

1. create load balancer
2. create access / error log resources for this loadbalancer
3. run apply without changing anything --> triggers replacement of the logs

Important Factoids

References

1283

[tf-oci-pub]

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.

[dhoogfr]

After checking the message better, I noticed that it are not the defined tags that are forcing the replacement, but the change in compartment.

It turned out that the log group and the log itself had different compartment attributes and when provisioning the log, Oracle creates it under the compartment of the log group instead of the compartment specified with the log.

When I try to create a log via the console, with a different compartment than the loggroup, the console will present a screen to create a new loggroup. So it's seems correct that the log and logroup should always be placed in the same compartment. But it's confusing with Terraform as it silently changes the compartment and then wants to recreate the log during each following apply.