oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

Resource ADW: Error when providing vault_id and kms_id while provisioning ADW #2080

Open sindhura2509 opened 7 months ago

sindhura2509 commented 7 months ago

Terraform Version and Provider Version

Terraform v1.6.2
Provider Version 5.27.0

Affected Resource(s)

oci_database_autonomous_database

Terraform Configuration Files

Code Snippet:

```hcl
resource "oci_database_autonomous_database" "test_autonomous_database" {
  # Required
  compartment_id = var.compartment_id
  db_name        = var.db_name

  # Optional
  compute_count                       = var.cpu_core_count
  compute_model                       = var.compute_model
  data_storage_size_in_tbs            = var.data_storage_size_in_tbs
  admin_password                      = random_password.adw_admin_password.result
  db_workload                         = var.db_workload
  display_name                        = var.display_name
  is_free_tier                        = var.is_free_tier
  license_model                       = var.license_model
  backup_retention_period_in_days     = var.backup_retention_period_in_days
  subnet_id                           = var.subnet_id
  vault_id                            = var.add_vault == true ? var.vault_id : ""
  is_auto_scaling_enabled             = var.autonomous_database_is_auto_scaling_enabled
  is_auto_scaling_for_storage_enabled = var.autonomous_database_is_auto_scaling_for_storage_enabled
  kms_key_id                          = var.add_vault == true ? oci_kms_key.test_key.id : ""
  defined_tags                        = merge(var.tags, var.env_tag)

  customer_contacts {
    # Optional
    email = var.customer_contacts_email
  }

  depends_on = [
    oci_kms_key.test_key,
    oci_vault_secret.adw_secret,
    data.oci_secrets_secretbundle.adw_secretbundle
  ]
}
```

Debug Output

We receive the error below while provisioning ADW with the vault_id and kms_id parameters. However, if we provision ADW without these parameters initially and then apply the changes again with these parameters added, it is successful.

Actual Behavior

404 - Invalid parameter - cannot create or rotate anonymous database encryption key id or open the database. Encryption key ids cannot be null or blank.

Expected Behavior

ADW has to be provisioned by providing vault and KMS key details at the initial run itself.

SamuelMolling commented 4 months ago

Same problem here. Another thing I saw is that the key shape requested in the documentation for an autonomous database is AES 256, but in the API it only goes up to 32.

Documentation: https://docs.oracle.com/en/cloud/paas/autonomous-database/serverless/adbsb/prerequisite-user-managed-key.html#GUID-6A30B530-49FC-46AC-AEB7-E3A53EEE29A9