You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello. I am trying to deploy a confidential app via Terraform using the oci_identity_domains_app resource (oracle/oci v5.36.0), and I've figured out everything except the granted_app_roles. According to the documentation, granted_app_roles is optional and updatable, but when I set it in my Terraform, I get the following:
│ Error: Value for unconfigurable attribute
│
│ with oci_identity_domains_app.confidential_app,
│ on confidential-app.tf line 13, in resource "oci_identity_domains_app" "confidential_app":
│ 13: resource "oci_identity_domains_app" "confidential_app" {
│
│ Can't configure a value for "granted_app_roles": its value will be decided automatically based on the result of applying this configuration.
Here is my terraform code. The granted_app_roles is currently hardcoded while I troubleshoot:
If I comment out granted_app_roles, the app deploys successfully. I can then manually add the app role, and if I run another plan, it notes the change made outside terraform:
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:
# oci_identity_domains_app.confidential_app has changed
~ resource "oci_identity_domains_app" "confidential_app" {
~ granted_app_roles = [
+ {
+ admin_role = true
+ app_id = "IDCSAppId"
+ app_name = "IDCSApp"
+ display = "Identity Domain Administrator"
+ legacy_group_name = ""
+ read_only = false
+ ref = "https://idcs-<redacted>.identity.oraclecloud.com:443/admin/v1/AppRoles/<redacted>"
+ type = "direct"
+ value = "<redacted>"
},
]
id = "<redacted>"
~ meta = [
~ {
~ last_modified = "2024-04-16T22:55:33.812Z" -> "2024-04-16T22:58:18.867Z"
~ version = "<redacted>" -> "<redacted>"
# (3 unchanged attributes hidden)
},
]
name = "<redacted>"
# (46 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these
changes.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Changes to Outputs:
~ app = {
~ granted_app_roles = [
+ {
+ admin_role = true
+ app_id = "IDCSAppId"
+ app_name = "IDCSApp"
+ display = "Identity Domain Administrator"
+ legacy_group_name = ""
+ read_only = false
+ ref = "https://idcs-<redacted>.identity.oraclecloud.com:443/admin/v1/AppRoles/<redacted>"
+ type = "direct"
+ value = "<redacted>"
},
]
id = "<redacted>"
~ meta = [
~ {
~ last_modified = "2024-04-16T22:55:33.812Z" -> "2024-04-16T22:58:18.867Z"
~ version = "<redacted>" -> "<redacted>"
# (3 unchanged attributes hidden)
},
]
name = "<redacted>"
tags = []
# (118 unchanged attributes hidden)
}
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
Please let me know if there is something I can do to allow granted_app_roles to work.
The text was updated successfully, but these errors were encountered:
Hello. I am trying to deploy a confidential app via Terraform using the oci_identity_domains_app resource (oracle/oci v5.36.0), and I've figured out everything except the granted_app_roles. According to the documentation, granted_app_roles is optional and updatable, but when I set it in my Terraform, I get the following:
Here is my terraform code. The granted_app_roles is currently hardcoded while I troubleshoot:
If I comment out granted_app_roles, the app deploys successfully. I can then manually add the app role, and if I run another plan, it notes the change made outside terraform:
Please let me know if there is something I can do to allow granted_app_roles to work.
The text was updated successfully, but these errors were encountered: