Is it possible to provision WebRTC softphone entitlements for agents via the Genesys Cloud Terraform provider without triggering a 403 Forbidden response during the apply phase? The deployment pipeline fails when attempting to assign the webrtc_softphone capability to user objects that are also bound to specific WFM schedules.
The environment details are as follows:
- Terraform version: 1.6.4
- Genesys Cloud Provider: 1.12.0
- Region: us-east-1
- OAuth Scope:
user:read,user:write,webrtc:admin - Architect Flow: Standard IVR with WebRTC fallback logic
The HCL block responsible for the failure is below. The error occurs specifically when the capabilities list includes webrtc_softphone.
resource "genesyscloud_user" "agent" {
name = var.agent_name
email = var.agent_email
capabilities = [
"webrtc_softphone",
"voice"
]
division_id = genesyscloud_organization_settings.default.division_id
}
The API response body indicates:
{
"code": "forbidden",
"message": "User does not have permission to perform this action on resource webrtc_softphone",
"status": 403
}
Manual assignment in the UI works instantly. The role assigned to the service account has webrtc:admin and user:write. Testing via Postman with the same token succeeds. The issue persists across multiple environments (dev, stage).
Could this be a race condition where the user object is not fully hydrated before the capability assignment is attempted? Or is there a specific dependency order required in the Terraform graph for WebRTC resources? The GC CLI genesyscloud user update command also fails with a similar 403 if run immediately after user creation, suggesting a state synchronization delay.
Looking for workarounds or known issues in provider version 1.12.0 related to WebRTC capability assignment.