OCI provider claims deletion of NSG related resources is successful even though it failed due to a lack of permissions. #2087

Open
smckend-bunnings opened this issue Apr 9, 2024 · 6 comments
Labels
awaiting-affected-resources, bug

Comments

@smckend-bunnings

smckend-bunnings commented Apr 9, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Issue Summary

We were wondering why a bunch of duplicate NSG resources were showing up in our OCI environment and recently realised that Terraform didn't actually have the required permissions to delete network related resources. Instead of failing whenever we tried to delete/replace network related issues, the Terraform OCI provider claims to have successfully deleted the resource(s) rather than failing due to a lack of permissions.

Terraform Version and Provider Version

terraform 1.1.9
oci 5.35.0

Affected Resource(s)

oci_core_network_security_group,
oci_core_network_security_group_security_rule

affected_resources = oci_core_network_security_group, oci_core_network_security_group_security_rule

Expected Behavior

Terraform should fail to delete resources that it doesn't have permission to delete.

Actual Behavior

Terraform "says" it deletes the resource and removes it from state but the resource still exists in OCI.

Steps to Reproduce

  • Set up a policy that allows you to create network resources but not delete
  • Create a NSG with a rule via Terraform
  • Run a terraform destroy
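
A post-destroy check for the symptom described in this report, as an added example that is not part of the original issue or the provider's code: it compares the NSGs still live in OCI against those Terraform tracks in state and flags leftovers and duplicated display names. It assumes the JSON shapes of `terraform show -json` and `oci network nsg list`; the function names and sample OCIDs are constructed for illustration.

```python
from collections import Counter

NSG_TYPE = "oci_core_network_security_group"

def state_nsg_ids(show_json):
    """OCIDs of NSGs tracked in state, walking child modules too."""
    ids, stack = set(), [show_json.get("values", {}).get("root_module", {})]
    while stack:
        module = stack.pop()
        stack.extend(module.get("child_modules", []))
        for res in module.get("resources", []):
            if res.get("type") == NSG_TYPE and res.get("mode") == "managed":
                ids.add(res["values"]["id"])
    return ids

def audit_nsgs(show_json, cli_json):
    """Return (untracked OCIDs, duplicated display names) among live NSGs."""
    tracked = state_nsg_ids(show_json)
    live = [n for n in cli_json.get("data", [])
            if n.get("lifecycle-state") == "AVAILABLE"]
    # Untracked means unmanaged, or left behind by a delete that never happened.
    untracked = sorted(n["id"] for n in live if n["id"] not in tracked)
    names = Counter(n["display-name"] for n in live)
    return untracked, sorted(k for k, c in names.items() if c > 1)

# Constructed sample: "app-nsg" was replaced, but the old copy is still live.
OLD = "ocid1.networksecuritygroup.oc1..constructed-old"
NEW = "ocid1.networksecuritygroup.oc1..constructed-new"
SAMPLE_STATE = {"values": {"root_module": {"resources": [], "child_modules": [
    {"address": "module.net", "resources": [
        {"address": "module.net.oci_core_network_security_group.app",
         "mode": "managed", "type": NSG_TYPE,
         "values": {"id": NEW, "display_name": "app-nsg"}}]}]}}}
SAMPLE_CLI = {"data": [
    {"id": OLD, "display-name": "app-nsg", "lifecycle-state": "AVAILABLE"},
    {"id": NEW, "display-name": "app-nsg", "lifecycle-state": "AVAILABLE"},
    {"id": "ocid1.networksecuritygroup.oc1..constructed-gone",
     "display-name": "db-nsg", "lifecycle-state": "TERMINATED"}]}

if __name__ == "__main__":
    untracked, dupes = audit_nsgs(SAMPLE_STATE, SAMPLE_CLI)
    print("untracked:", untracked)
    print("duplicate names:", dupes)
    # After a full destroy the state is empty, so every live NSG is a leftover.
    print("after destroy:", audit_nsgs({"format_version": "1.0"}, SAMPLE_CLI)[0])
```

To run it against a real compartment, load the two commands' JSON output with `json.load` and pass the resulting dictionaries to `audit_nsgs`.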

@tf-oci-pub
Member

Thank you for reporting the issue. We observed that the affected resources are not provided in the description or are incorrect. We request that you add them to the issue description in the format below.
Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource, then mention the affected resource as terraform.
Example: affected_resources = terraform

As this works through automation, we request that you follow the exact syntax.

tf-oci-pub added the awaiting-affected-resources label Apr 9, 2024

@smckend-bunnings
Author

Updated with affected resources syntax

@sanne-bunnings

Any update on this @tf-oci-pub ?

@smckend-bunnings
Author

Potentially related to #2055

@sanne-bunnings

Any update on this @tf-oci-pub ?

@sanne-bunnings

@tf-oci-pub , Any update on this?

Development

No branches or pull requests

3 participants