Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attaching multiple user policies does not work #331

Closed
zx1986 opened this issue Sep 15, 2022 · 8 comments · Fixed by #492
Closed

Attaching multiple user policies does not work #331

zx1986 opened this issue Sep 15, 2022 · 8 comments · Fixed by #492
Labels
enhancement New feature or request

Comments

@zx1986
Copy link

zx1986 commented Sep 15, 2022

terraform-provider-minio/minio/resource_minio_iam_policy.go

Line 130 in 627acce

if len(value) > 128 {

It seems only one policy could attach to a user,
if I have multiple policies to attach, I have to flatten the policy list to a string (split by ,) then attach?
@zx1986 zx1986 changed the title Why IAM attachment policy has 128 length limit? And only one policy could be attach? Why IAM attachment policy name has 128 characters length limit? And only one policy could be attach? Sep 15, 2022
@BuJo
Copy link
Collaborator

BuJo commented Oct 3, 2022
edited
Loading

The length is presumably because the Amazon IAM Documentation contains that limit.

I haven't attached multiple policies to one user yet, but that's basically where the minio_iam_user_policy_attachment resource comes into play.

@BuJo
Copy link
Collaborator

BuJo commented Oct 3, 2022

Hmm.. @zx1986 unsure if I understood you correctly yet. Was that a feature request? Would you like to specify how your solution to add multiple policies to a single user would look like? I'm not sure what your 'policy list' looks like (unflattened?).

@BuJo BuJo added the question Further information is requested label Oct 3, 2022
@zx1986
Copy link
Author

zx1986 commented Oct 4, 2022

Thanks for your response @BuJo !

We had used minio_iam_user_policy_attachment,
but if we have multiple policies,
using a loop to run minio_iam_user_policy_attachment, it will attach only the last policy.

pseudo codes:

policies:
- policy1
- policy2
- policy3

users:
- user1
- user2

for idx, policy in policies:
  minio_iam_user_policy_attachment ( 
    attachment_idx,  
    policyName: policy.name,
    userName: users[0]
  )

that will be only policy3 attach to user1, policy1 and policy2 will lose attach to user1.
so we flatten policies into a string (split by ,) be like:

long_policy_names = policies.join(',')

minio_iam_user_policy_attachment ( 
  one_attachment,  
  policyName: long_policy_names,
  userName: users[0]
)

it works fine, until the long_policy_names reach the 128 length limit.
😭

@BuJo
Copy link
Collaborator

BuJo commented Oct 4, 2022

I'm beginning to understand. Funny that this works. I guess the best interface from outside would be to allow an actual array instead of simply a string to avoid problems like this.. I'll have a look into it and see what I can do.

@BuJo BuJo added enhancement New feature or request and removed question Further information is requested labels Oct 4, 2022
@BuJo BuJo changed the title Why IAM attachment policy name has 128 characters length limit? And only one policy could be attach? Attaching multiple user policies does not work Oct 4, 2022
@zhulik
Copy link

zhulik commented Jan 17, 2023

I'm falling into this issue, any updates?

@kingnarmer
Copy link

I am running into same issue. Is there any workaround ?

@zx1986
Copy link
Author

zx1986 commented May 17, 2023

the work around for us right now is: to concatenate the list into a string

@asdevcapybara
Copy link
Contributor

@zx1986 could you show example? I have the same issue :/

@Adphi Adphi mentioned this issue Jul 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add multiple group/user policies support
5 participants
@BuJo @zx1986 @zhulik @kingnarmer @asdevcapybara