Open monil-panchal opened 2 years ago
We ll be creating a new datasource for access_group_policy.. This cannot be included in the access_group datasource..
We have a open issue for this feature already https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2633
Okay to let me rephrase my requirements -
ibm_iam_access_group_policy
data sourceibm_iam_access_group_policy
as a list
attribute in the ibm_iam_access_group data source.This cannot be included in the access_group datasource..
@kavya498 - Is there any specific reason for not including the ibm_iam_access_group_policy
attribute in the existing ibm_iam_access_group
data source?
Out of four list
attributes (refer to the above screenshot of IAM access group), only iam_service_ids
, ibm_ids
, and rules
are currently fetched in the ibm_access_group_policy
data source?
Here's a sample response
+ access_group = {
+ access_group_name = "dev-reader-test"
+ groups = [
+ {
+ description = "Read access to all dev resources"
+ iam_service_ids = []
+ ibm_ids = [
+ "Monil.Panchal@ibm.com",
]
+ id = "AccessGroupId-******"
+ name = "cd-dev-reader"
+ rules = []
},
]
+ id = "************"
}
One of the use cases that I can think of is accessing ibm_iam_access_group_policy
as an attribute along with the iam_service_ids
, ibm_ids
, and rules
for all of my IAM access groups using the ibm_iam_access_group
data source.
Even if there is a new separate ibm_iam_access_group_policy
data source, without accessing theibm_iam_access_group_policy
attribute inside the ibm_iam_access_group
data source, I'll be obligated to write extra LOC to address my use case.
Community Note
Description
The
ibm_iam_access_group
data source is missing the capability to retrieve the list ofibm_access_group_policy
defined within it. Currently, it provides access to only the iam_service_ids, ibm_ids, and Dynamic rules attributes.Though there is an
ibm_access_group_policy
Resource to Create, update, or delete an IAM policy for a given IAM Access group, there is no data source to access theibm_access_group_policy
directly or within the existingibm_iam_access_group
data source.Having access to the
Access Policies
could be an essential/must-have attribute for certain use cases when using theIAM Access Group
data source.New or Affected Resource(s)
iam_access_group_policy
iam_access_group_policy
(list) in the iam_access_groupReferences