oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

nil pointer panic when oci_identity_domains_app has >1 scope #2156

Open caroline-hughes opened 4 months ago

caroline-hughes commented 4 months ago

Terraform Version and Provider Version

plugin.terraform-provider-oci_v5.45.01

Affected Resource(s)

oci_identity_domains_app

Terraform Configuration Files


variable "scopes" {
  type = map(object({
    display_name = string,
    value        = string
  }))
  default = {
    "FrontOffice" = {
      value        = "/frontoffice",
      display_name = "Front Office Application"
    },
    "SelfReg" = {
      value        = "/selfregistration",
      display_name = "Self Registration Application"
    },
  }
}

resource "oci_identity_domains_app" "Gen2APIResources" {
  based_on_template {
    value = "CustomWebAppTemplateId"
  }
  schemas = ["urn:ietf:params:scim:schemas:oracle:idcs:App", "urn:ietf:params:scim:schemas:oracle:idcs:extension:OCITags"]

  display_name        = "${var.cell_name}-Gen2APIResources"
  idcs_endpoint       = data.oci_identity_domains.idcs_domains.domains[0].url
  description         = "${var.cell_name}-Gen2APIResources"
  access_token_expiry = 3600
  active              = true
  is_oauth_resource   = true
  audience            = var.domain_audience

  dynamic "scopes" {
    for_each = var.scopes
    content {
      value        = scopes.value.value
      display_name = scopes.value.display_name
    }
  }

  allowed_grants = [
    "client_credentials"
  ]
  allowed_operations = [
    "onBehalfOfUser"
  ]
  client_type     = "confidential"
  bypass_consent  = true
  is_login_target = true
  is_oauth_client = true
}

Debug Output

full log: https://gist.github.com/caroline-hughes/70ad16218d92c4cdb7c3408f2de38e90

Panic Output

null pointer panic: https://gist.github.com/caroline-hughes/1546ccb996d5ea635a03db753273da63

Expected Behavior

The oci_identity_domains_app should be successfully created with both scopes.

Actual Behavior

The release panics and fails due to a nil pointer.

Steps to Reproduce

We (internal Oracle team) run our releases with Shepherd, and this module fails every time. It succeeds only when we have a single scope. This is with version 5.45. Reverting to a few earlier versions did not help.

tf-oci-pub commented 4 months ago

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.