oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

oracle/oci: work request did not succeed #2090

Open Yingwenxushe opened 5 months ago

Yingwenxushe commented 5 months ago

```hcl
resource "time_rotating" "rotation_month_oci" {
  rotation_months = 5
}

resource "random_password" "oracle_admin" {
  count = var.deploy_oracle_db ? 1 : 0

  length           = 20
  min_lower        = 2
  min_upper        = 2
  min_numeric      = 2
  min_special      = 2
  override_special = "-"

  # Regenerate the password whenever the rotation window rolls over.
  keepers = {
    time = time_rotating.rotation_month_oci.id
  }
}

resource "azurerm_key_vault_secret" "oracle_admin" {
  count = var.deploy_oracle_db ? 1 : 0

  name         = "nexeed-oracle-admin-pw"
  value        = random_password.oracle_admin[0].result
  key_vault_id = var.key_vault.id
}

resource "azurerm_key_vault_key" "oracle" {
  count = var.deploy_oracle_db ? 1 : 0

  name         = "nexeed-oracle-ssh-key"
  key_vault_id = var.key_vault.id
  key_type     = "RSA"
  key_size     = 2048

  key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
}
```

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. 
# Please remove any sensitive information from configuration files before sharing them. 

Debug Output

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

  1. terraform apply

Important Factoids

References

tf-oci-pub commented 5 months ago

Thank you for reporting the issue. We observed the affected resources are not provided in the description or it's incorrect. We request you to add it in issue description as mentioned in below format. Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource then mention affected resource as terraform. Example: affected_resources = terraform

As this works through automation, request you to follow exact syntax.

Yingwenxushe commented 5 months ago

I got feedback from the Oracle Cloud side: we can't change the sys and TDE wallet passwords together, while the OCI TF provider supports the definition together, which will trigger an issue during the password rotation.

> I checked the behavior at the backend and found that action of the update SshKeys is successful but the UpdateDB is failed. It is observed from the logs that failure reason is as follows.
>
> "DCS-10045:Validation error encountered: Please update either sys or tde credential, not both. If both need to be updated, please run workflows separately. "
>
> Retry the update operation from UI with correct TDE wallet password.
>
> Verify the TDE password as below on the db system
>
> ```
> sudo su - oracle
> orapki wallet display -wallet /ewallet.p12
> ```
>
> You can get the TDE wallet path from the below query
>
> ```
> SQL> select * from v$encryption_wallet;
> ```

Yingwenxushe commented 5 months ago

The Terraform provider definition of the sys and TDE wallet passwords is unique, which doesn't support the rotation in different places.
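
Added example (not part of the thread and not the provider's code): a pre-apply check over Terraform plan JSON that flags an in-place update changing both the sys and TDE wallet passwords, the combination the DCS-10045 error quoted above rejects. The attribute names `admin_password` and `tde_wallet_password`, the `example_db` addresses and the sample plan are assumptions constructed for illustration.

```python
import json, sys
# Assumed attribute names; the thread does not name the resource or its arguments.
SYS_KEY, TDE_KEY = "admin_password", "tde_wallet_password"

def collect(node, key, path=""):
    """Map JSON path -> value for every occurrence of `key` below `node`."""
    items = node.items() if isinstance(node, dict) else \
        enumerate(node) if isinstance(node, list) else ()
    found = {}
    for k, v in items:
        if k == key:
            found[f"{path}/{k}"] = v
        else:
            found.update(collect(v, key, f"{path}/{k}"))
    return found

def will_change(change, key):
    """True if `key` differs between before/after or is unknown until apply."""
    before = collect(change.get("before") or {}, key)
    after = collect(change.get("after") or {}, key)
    unknown = collect(change.get("after_unknown") or {}, key)
    return (any(before.get(p) != v for p, v in after.items())
            or any(v is True for v in unknown.values()))

def conflicting_updates(plan):
    """Addresses whose in-place update touches both credentials at once."""
    return [rc["address"] for rc in plan.get("resource_changes", [])
            if rc["change"].get("actions") == ["update"]
            and all(will_change(rc["change"], k) for k in (SYS_KEY, TDE_KEY))]

def tree(sys_pw=None, tde_pw=None):  # constructed attribute tree for the sample
    db = {k: v for k, v in ((SYS_KEY, sys_pw), (TDE_KEY, tde_pw)) if v is not None}
    return {"db_home": [{"database": [db]}]}

# Constructed sample: "both" rotates both passwords (unknown until apply, as
# with a regenerated random_password); "sys_only" changes only the sys password.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "example_db.both", "change": {
        "actions": ["update"], "before": tree("old-sys", "old-tde"),
        "after": tree(), "after_unknown": tree(True, True)}},
    {"address": "example_db.sys_only", "change": {
        "actions": ["update"], "before": tree("old-sys", "old-tde"),
        "after": tree("new-sys", "old-tde"), "after_unknown": tree()}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    bad = conflicting_updates(plan)
    sys.exit(f"both sys and TDE passwords change in: {bad}" if bad else 0)
```

Pass it the file written by `terraform show -json` for a saved plan; that JSON holds sensitive values in plain text, so keep it out of CI logs and build artifacts.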