Open chechuironman opened 1 year ago
I think I found a solution. The documentation is not correct, but this seems to work.
```hcl
resource "ibm_iam_access_group" "vpn_client" {
  name        = "vpn-client"
  description = "VPN client access group"
}

resource "ibm_iam_access_group_policy" "vpn_client_policy" {
  access_group_id = ibm_iam_access_group.vpn_client.id
  roles           = ["VPN Client"]

  resources {
    service = "is"
  }
}
```
It creates this JSON:
```json
{
  "type": "access",
  "roles": [
    {
      "role_id": "crn:v1:bluemix:public:is::::serviceRole:VPNClient"
    }
  ],
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "XXX"
        },
        {
          "name": "serviceName",
          "value": "is"
        }
      ]
    }
  ],
  "subjects": [
    {
      "attributes": [
        {
          "name": "access_group_id",
          "value": "AccessGroupId-XXX"
        }
      ]
    }
  ]
}
```
This is the documentation I was referring to.
VPN Client is not in the list of roles.
I'm trying to create a VPN Client role on the access tab of the Access Group with this:

```hcl
resource "ibm_iam_access_group_policy" "policy" {
  access_group_id = ibm_iam_access_group.access_group.id
  roles           = ["VPN Client"]

  resources {
    service = "is"
  }
}
```
But get this error... \"message\": \"Invalid role(s): crn:v1:bluemix:public:is::::serviceRole:VPNClient\"",
What should be the role to use within TF?