Prisma Cloud: Terraform Error 400 when onboarding Oracle: OCI-terraform.tf line 1, in resource "oci_identity_user"
Symptom
Error when running "terraform apply" in Oracle while onboarding your cloud account into Prisma Cloud.
oci_identity_user.user,
on OCI-terraform.tf line 1, in resource "oci_identity_user" "user":
resource "oci_identity_user" "user" {
Environment
- Prisma Cloud
- Terraform
- OCI (Oracle)
Cause
Expected Behavior
The Terraform provider documentation states that the email attribute of oci_identity_user is optional.
email - (Optional) (Updatable) The email you assign to the user. Has to be unique across the tenancy.
Actual Behavior
It seems like the email attribute is required.
email - (Required) (Updatable) The email you assign to the user. Has to be unique across the tenancy.
Terraform output error message:
Error":{"messageId":"error.identity.user.primaryEmailNotSpecified"}}
Resolution
- In Prisma Cloud, download the OCI cloud account Terraform template after completing the onboarding steps here.
GUI Path: Settings > Providers > Add Cloud Account > Oracle > 3. Terraform Template
- Configure the variables in Oracle with the configurations below.
- Include both attribute sections in the terraform.tf file after downloading the Terraform template from Prisma Cloud and uploading it into Oracle under Stack Information. Example usage:
resource "oci_identity_user" "test_user" {
    #Required
    compartment_id = var.tenancy_ocid
    description    = var.user_description
    name           = var.user_name

    #Required
    defined_tags  = {"Operations.CostCenter" = "42"}
    # Without email, the API returns error.identity.user.primaryEmailNotSpecified
    email         = var.user_email
    freeform_tags = {"Department" = "Finance"}
}
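To confirm that the edited template sets an email on every oci_identity_user before it is uploaded to the stack, a check like the following can be run locally. It is an added example, not part of the Prisma Cloud template or the OCI provider. The function names and the sample Terraform text are constructed for illustration, and it uses regex and brace matching rather than a full HCL parser.

```python
import re

# Header of the resource type this article is about; group 1 is its local name.
RESOURCE_RE = re.compile(r'resource\s+"oci_identity_user"\s+"([^"]+)"\s*\{')
# An "email = <value>" line whose value is not "" or null (both mean unset).
EMAIL_RE = re.compile(r'^\s*email\s*=\s*(?!""|null\b)\S', re.MULTILINE)
# Whole-line # and // comments, so a commented-out email does not count.
COMMENT_RE = re.compile(r'^[ \t]*(#|//).*$', re.MULTILINE)


def block_body(text, start):
    """Return the text from start up to the '}' that closes the block."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # unterminated block: inspect what is there


def users_missing_email(tf_source):
    """Names of oci_identity_user resources that set no usable email."""
    text = COMMENT_RE.sub("", tf_source)
    return [m.group(1) for m in RESOURCE_RE.finditer(text)
            if not EMAIL_RE.search(block_body(text, m.end()))]


# Constructed sample, not the template Prisma Cloud generates.
SAMPLE_TF = '''
resource "oci_identity_user" "user" {
  compartment_id = var.tenancy_ocid
  name           = var.user_name
}
resource "oci_identity_user" "test_user" {
  compartment_id = var.tenancy_ocid
  name           = var.user_name
  email          = var.user_email
  freeform_tags  = {"Department" = "Finance"}
}
resource "oci_identity_user" "commented" {
  name    = var.user_name
  # email = var.user_email
}
'''

if __name__ == "__main__":
    for name in users_missing_email(SAMPLE_TF):
        print(f'oci_identity_user "{name}": email not set')
```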
Additional Information
This appears to be an issue in terraform-provider-oci; a request has already been filed for this here.