Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ibm_iam_authorization_policy - resource_attributes accept accountID but no corresponding target_service_account attribute allowed #5706

Open
vbontempi opened this issue Oct 7, 2024 · 0 comments
Open

ibm_iam_authorization_policy - resource_attributes accept accountID but no corresponding target_service_account attribute allowed #5706

vbontempi opened this issue Oct 7, 2024 · 0 comments
Labels
question service/IAM Issues related to IAM

Comments

@vbontempi
Copy link
Contributor

vbontempi commented Oct 7, 2024
edited
Loading

The ibm_iam_authorization_policy resource provides support for accountID as part of the nested block describing the resource attributes (resource_attributes) of the policy to create. For example this is supported


resource "ibm_iam_authorization_policy" "policy" {
(...)
  resource_attributes {
      name  = "accountId"
      operator = "stringEquals"
      value = "1234567890"
  }
(...)
}

But the same resource ibm_iam_authorization_policy doesn't support target_service_account attribute, what should be expected as the following name values serviceName, serviceInstance, resourceType, resourceGroupId, accountId are supported for resource_attributes block but only the following attributes are supported
target_service_name
target_resource_type
target_resource_group_id
target_resource_instance_id

As stated here these attributes (resource_attributes and target_*) are mutually exclusive, so it would be expected to have an attribute target_service_account to cover corresponding to resource_attributes.accountId nested block

The same doesn't happen with subject_attributes as source_service_account has a corresponding subject_attributes nested block that could be used as alternative subject_attributes.accountId

As users we would expect symmetry on these attributes and nested blocks

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Question

New or Affected Resource(s) or Datasource(s)

  • ibm_XXXXX

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • #0000
@github-actions github-actions bot added the service/IAM Issues related to IAM label Oct 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question service/IAM Issues related to IAM
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vbontempi