Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not being able to create policy using a Resource type list. #1289

Closed
ongsuwannoo opened this issue Jul 16, 2021 · 1 comment · Fixed by #1302
Closed

Not being able to create policy using a Resource type list. #1289

ongsuwannoo opened this issue Jul 16, 2021 · 1 comment · Fixed by #1302
Assignees
Milestone

Comments

@ongsuwannoo
Copy link

Not being able to create policy using a Resource type list.

Write a policy like this, but resource return must be []string only, I don't know what to do.

Terraform Version

Terraform v1.0.2
on linux_amd64
+ provider registry.terraform.io/huaweicloud/huaweicloud v1.26.0

Terraform Configuration Files

resource "huaweicloud_identity_role" "assumeRole_glob_policy" {
  name        = "assumeRole-glob-policy"
  description = "created by terraform"
  type        = "AX"
  policy      = <<EOF
    {
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "iam:agencies:assume"
            ],
            "Resource": {
                "uri": [
                    "/iam/agencies/xxx",
                    "/iam/agencies/bbb"
                ]
            },
            "Effect": "Allow"
        }
    ]
  }
EOF
}

Crash Output

│ Error: Error unmarshalling policy, please check the format of the policy document: json: cannot unmarshal object into Go struct field Statement.Statement.Resource of type []string
│ 
│   with huaweicloud_identity_role.assumeRole_glob_policy,
│   on base.tf line 1790, in resource "huaweicloud_identity_role" "assumeRole_glob_policy":
│ 1790: resource "huaweicloud_identity_role" "assumeRole_glob_policy" {

Steps to Reproduce

  1. terraform init
  2. terraform apply

References

(Optional) Assigning Permissions to an IAM User (by a Delegated Party)

@ShiChangkuo
Copy link
Collaborator

@ongsuwannoo Thanks for raising this.

There are two custom policies in HuaweiCloud: for services and for agencies. Currently, the provider only supports custom policy for services as the JSON formats of them are different.

I will try to implement custom policy for agencies in the next release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants