resource parameter not available in flexibleengine_identity_role_v3

[screwyy]

Hello,

I would like to have Resource parameter available in flexibleengine_identity_role_v3 in the policy

Terraform Version

Terraform v0.12.28

• provider.flexibleengine v1.14.0
• provider.mysql v1.9.0

Affected Resource(s)

flexibleengine_identity_group_v3

Terraform Configuration Files

resource "flexibleengine_identity_role_v3" "ady_project_role" {
  name        = "ady_project_role"
  description = "ady custom project role with terraform"
  scope       = "project"

  policy {
    effect = "Allow"
    action = ["obs:bucket:*"]
  }
}

Expected Behavior

I would like to add something like this in the policy:

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "obs:bucket:*"
            ],
            "Resource": [
                "obs:*:*:bucket:*"
            ],
            "Effect": "Allow"
        }
    ]
}

this Resource list is not available in flexibleengine_identity_role_v3:

            "Resource": [
                "obs:*:*:bucket:*"
            ]

[niuzhenguo]

@screwyy Sorry for the late response. You mean a new custom policy resource, need to check if the API is available first.

[antonin-a]

Hello @screwyy , this feature is under development and we would like to deliver it by the end of this year. Stay tuned :)

[fculpo]

We also really need this. At the moment we cannot use flexibleengine_identity_role_v3 and must use the console, which is far from optimal.

[antonin-a]

@niuzhenguo are you sure that is it not available on APIs side ? It is described on the online help here : https://docs.prod-cloud-ocb.orange-business.com/api/iam/iam_02_0013.html (Table 5)

[niuzhenguo]

@fculpo @antonin-a Sorry for the misleading, we will add a new flexibleengine_identity_policy resource for the custom policy.

[antonin-a]

Great ! Thank a lot @niuzhenguo

[LIUhuan123456]

Hello, Aligned with Niuzhenguo, will update this on FE mid-janurary.

[niuzhenguo]

@Jason-Zhang9309 ^