CheckPointSW / terraform-provider-checkpoint

Terraform provider for Check Point
https://www.terraform.io/docs/providers/checkpoint/
Mozilla Public License 2.0

[Support] Syntax for checkpoint_management_access_role #82

Closed Draxter closed 3 years ago

Draxter commented 3 years ago

I am trying to create an access role resource, which specifies an Active Directory group in the 'Users' section:

After reading this documentation

Here is my code:

resource "checkpoint_management_access_role" "aaa_access_role_test" { 
  name = "access_role_test"
  networks = ["grp-Internal-UserLANs"]
  users {
    source = "Service_Accounts"
    selection = "d996557a-7852-4cf7-892f-778d99f49bcb" #UID of Service_Accounts
    base_dn = "CN=Network Identity Service - Accounts,OU=Users,DC=example,DC=com"
  }
}

terraform validate returns this error:

Error: Incorrect attribute value type

  on access-roles.tf line 16, in resource "checkpoint_management_access_role" "aaa_access_role_test":
  16:     selection = "d996557a-7852-4cf7-892f-778d99f49bcb"

Inappropriate value for attribute "selection": set of string required.

Could you advise on what is expected in the selection field? Documentation states that the UID of an object selected from source should be there.

deutmeyerbrianpfg commented 3 years ago

@Draxter - Try doing selection = ["AD Object Name"]

deutmeyerbrianpfg commented 3 years ago

No worries. It has to be a list so you can add multiple AD groups to your access role. I'm guessing UID would work as long as it is in a list.

Draxter commented 3 years ago

@deutmeyerbrianpfg Thanks, that worked. I also had to change the source line to match the entry for my AD. Here's the full users block:

  users {
    source = "EXAMPLE.COM__AD"
    selection = ["Network Identity Service - Accounts"]
    base_dn = "CN=Network Identity Service - Accounts,OU=Users,DC=example,DC=com"
  }