ibm_scc_instance_settings is failing with Invalid address to set: []string{"event_notifications", "0", "source_description"}

[ocofaigh]

│ Error: Error setting event_notifications: Invalid address to set: []string{"event_notifications", "0", "source_description"}
│ 
│   with ibm_scc_instance_settings.scc_instance_settings,
│   on scc.tf line 86, in resource "ibm_scc_instance_settings" "scc_instance_settings":
│   86: resource "ibm_scc_instance_settings" "scc_instance_settings" {
│ 
╵

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

tf 1.9.2
ibm provider 1.71.2

Affected Resource(s)

• ibm_scc_instance_settings

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

locals {
  region = "eu-de"
  bucket_name= "test-scc-123"
}

provider "ibm" {
  ibmcloud_api_key = "XX"
  region           = local.region
}

terraform {
  required_version = ">= 1.9.0"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.71.2"
    }
  }
}

resource "ibm_resource_instance" "cos_instance" {
  name              = "test-cos"
  service           = "cloud-object-storage"
  plan              = "standard"
  location          = "global"
}

resource "ibm_cos_bucket" "bucket" {
  bucket_name          = local.bucket_name
  resource_instance_id = ibm_resource_instance.cos_instance.id
  region_location      = local.region
  storage_class        = "standard"
}

resource "ibm_resource_instance" "scc_instance" {
  name              = "test-scc"
  service           = "compliance"
  plan              = "security-compliance-center-standard-plan"
  location          = local.region
}

resource "ibm_resource_instance" "en_instance" {
  name              = "en-test"
  service           = "event-notifications"
  plan              = "standard"
  location          = local.region
  parameters = {
    service-endpoints = "public-and-private"
  }
}

data "ibm_iam_account_settings" "iam_account_settings" {
}

resource "ibm_iam_authorization_policy" "scc_cos_s2s_access" {
  source_service_name         = "compliance"
  source_resource_instance_id = ibm_resource_instance.scc_instance.guid
  roles                       = ["Writer"]

  resource_attributes {
    name     = "serviceName"
    operator = "stringEquals"
    value    = "cloud-object-storage"
  }

  resource_attributes {
    name     = "serviceInstance"
    operator = "stringEquals"
    value    = ibm_resource_instance.cos_instance.guid
  }

  resource_attributes {
    name     = "accountId"
    operator = "stringEquals"
    value    = data.ibm_iam_account_settings.iam_account_settings.account_id
  }
}

# workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4478
resource "time_sleep" "wait_for_scc_cos_authorization_policy" {
  depends_on = [ibm_iam_authorization_policy.scc_cos_s2s_access]

  create_duration = "30s"
}

resource "ibm_scc_instance_settings" "scc_instance_settings" {
  depends_on  = [time_sleep.wait_for_scc_cos_authorization_policy]
  instance_id = resource.ibm_resource_instance.scc_instance.guid
  event_notifications {
    instance_crn = resource.ibm_resource_instance.en_instance.crn
  }
  object_storage {
    instance_crn = ibm_resource_instance.cos_instance.crn
    bucket       = local.bucket_name
  }
}

Debug Output

scc-debug.txt

Panic Output

Expected Behavior

No error

Actual Behavior

│ Error: Error setting event_notifications: Invalid address to set: []string{"event_notifications", "0", "source_description"}

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000

[ocofaigh]

This also impact terraform destroy. So once a consumer hits this, they can't even destroy the resources

[ocofaigh]

FYI, not able to reproduce in us-south. Above logs are from eu-de

[lionelmace]

I started facing this issue in this minimal standalone sample
https://github.com/lionelmace/ibmcloud-utils/tree/master/terraform/scc

Blocking issue...

[lionelmace]

Provider 1.71.3 fixes the issue, but introduced a new error

Error: event_notifications.source_name needs to be defined along with event_notifications.instance_crn
with ibm_scc_instance_settings.scc_instance_settings
on security-scc-instance.tf line 11, in resource "ibm_scc_instance_settings" "scc_instance_settings":
resource "ibm_scc_instance_settings" "scc_instance_settings" {

Adding the source_name fixes the issue. The doc should reflect that this attribute is required (not optional as mentioned)

resource "ibm_scc_instance_settings" "scc_instance_settings" {
  instance_id = ibm_resource_instance.scc_instance.guid
  event_notifications {
    instance_crn = ibm_resource_instance.event-notifications.crn
    source_name  = format("%s-%s", local.basename, "scc-notifications")
  }
  object_storage {
    instance_crn = ibm_resource_instance.cos-scc.crn
    bucket       = ibm_cos_bucket.scc-bucket.bucket_name
  }
}

[ocofaigh]

@lionelmace yea, I just left that comment in the PR -> #5818 (comment)

Its good that the provider is catching it, but I think the descrption could be clearer (cc @tyao117 @hkantare )