oci_objectstorage_preauthrequest incorrectly deletes & replaces the resource every time

[dch]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

Terraform v1.7.5-dev on freebsd_amd64
+ provider registry.terraform.io/oracle/oci v5.36.0

Affected Resource(s)

• oci_objectstorage_preauthrequest

Terraform Configuration Files

resource "oci_objectstorage_preauthrequest" "pkg" {
    access_type = "AnyObjectRead"
    bucket_listing_action = "ListObjects"
    bucket = "pkg"
    name = "pkg_repo_readonly"
    namespace = var.tenancy_namespace
    time_expires = "2038-01-01T12:00:00Z"
}

Debug Output

$ terraform apply
...
  # oci_objectstorage_preauthrequest.pkg must be replaced
-/+ resource "oci_objectstorage_preauthrequest" "pkg" {
      ~ access_uri            = "/p/Iny9Mn_WoSmYcZvSMRVhU-ZMljp4TdYkxLHAbcqNSAQZo4YCenX60Cl_orgioox_/n/axvxsnomswgi/b/pkg/o/" -> (known after apply)
      + bucket_listing_action = "ListObjects" # forces replacement
      ~ full_path             = "https://axvxsnomswgi.objectstorage.eu-amsterdam-1.oci.customer-oci.com/p/.../n/axvxsnomswgi/b/pkg/o/" -> (known after apply)
      ~ id                    = "n/axvxsnomswgi/b/pkg/p/..." -> (known after apply)
        name                  = "pkg_repo_readonly"
      + object                = (known after apply)
      + object_name           = (known after apply)
      ~ par_id                = "..." -> (known after apply)
      ~ time_created          = "2024-04-11 21:25:50.045 +0000 UTC" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

• full TF_LOG available privately

Expected Behavior

a previously created PAR should not be deleted.

Actual Behavior

The PARs are deleted, and we need to re-distribute these on every single terraform run.

Steps to Reproduce

• Make a bucket
• add a PAR With "Object List" capability
• run terraform apply and watch it replace every single time

References

This has been the case for a couple of years at least: https://github.com/oracle/terraform-provider-oci/issues/1570

[tf-oci-pub]

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.

[jacobcsmith]

To work around this bug we used the ignore_changes lifecycle attribute to instruct terraform to ignore changes to bucket_listing_action. Once added, terraform no longer attempts to recreate the oci_objectstorage_preauthrequest resource.

[dch]

@jacobcsmith interesting. can you give a more complete example of this please? thanks!

[jacobcsmith]

Using your example it would be like this

resource "oci_objectstorage_preauthrequest" "pkg" {
    access_type = "AnyObjectRead"
    bucket_listing_action = "ListObjects"
    bucket = "pkg"
    name = "pkg_repo_readonly"
    namespace = var.tenancy_namespace
    time_expires = "2038-01-01T12:00:00Z"

    lifecycle {
      ignore_changes = [bucket_listing_action]
    }
}