search

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
336 stars 645 forks source link

getting failure message "The following resource attribute(s) had multiple entries: accountId" #5471

Open gvolpe1968 opened 5 days ago

gvolpe1968 commented 5 days ago 
terraform --version
Terraform v1.8.4
on darwin_arm64
+ provider registry.terraform.io/ibm-cloud/ibm v1.67.0-beta0

Your version of Terraform is out of date! The latest version
is 1.8.5. You can update by downloading from https://www.terraform.io/downloads.html

I have an error on the TF provider while working with IAM policies

I'm getting

     "Result": {
        "errors": [
             {
                 "code": "invalid_body",
                 "message": "The following resource attribute(s) had multiple entries: accountId"
            }
         ],
         "status_code": 400,
         "trace": "a51ade43426f4c72a4dfbd9cecbdebc4"
    },

for all policies but there are no multiple instances of the given accountId entry really

hkantare commented 5 days ago

@Rajesh-Pirati Can you look into this

Rajesh-Pirati commented 5 days ago

we could see multiple accountId's in the input payload based on your transaction-id and please find below snippet.

            "transaction-id": "a51ade43426f4c72a4dfbd9cecbdebc4"
        },
        "header_bytes_estimate": 2743,
        "remote_address": "undefined",
        "body": {
            "description": "(Migrated) Auto-generated for key 85059df6-ca1d-456f-985a-d0d49c233441",
            "resources": [
                {
                    "attributes": [
                        {
                            "name": "accountId",
                            "value": "xxxxxx",
                            "operator": "stringEquals"
                        },
                        {
                            "name": "serviceName",
                            "value": "logs",
                            "operator": "stringEquals"
                        },
                        {
                            "name": "accountId",
                            "value": "xxxxx",
                            "operator": "stringEquals"
                        }
                    ]
                }
            ],

Have you included accountId details in the terraform configurations?

gvolpe1968 commented 5 days ago

what do you mean by configration ? this is the working folder 

$ ls -la
total 48
drwxr-xr-x  9 gianluca  staff   288 Jun 25 18:39 .
drwxr-xr-x  6 gianluca  staff   192 Jun 25 18:39 ..
-rw-r--r--@ 1 gianluca  staff  1590 Jun 25 18:39 iam_groups.tf
-rw-r--r--@ 1 gianluca  staff   942 Jun 25 18:39 iam_profiles.tf
-rw-r--r--@ 1 gianluca  staff  1765 Jun 25 18:39 iam_service_ids.tf
-rw-r--r--  1 gianluca  staff     0 Jun 25 18:39 iam_users.tf
-rwxr-xr-x  1 gianluca  staff    25 Jun 25 18:39 provider.tf
-rwxr-xr-x  1 gianluca  staff   590 Jun 25 18:39 variable.tf
-rwxr-xr-x  1 gianluca  staff   154 Jun 25 18:39 version.tf

$ grep -i accountid *
iam_groups.tf:      name  = "accountId"
iam_groups.tf:      name  = "accountId"
iam_groups.tf:      name  = "accountId"
iam_profiles.tf:        name  = "accountId"
iam_profiles.tf:        name  = "accountId"
iam_service_ids.tf:     name  = "accountId"
iam_service_ids.tf:     name  = "accountId"
iam_service_ids.tf:     name  = "accountId"
gvolpe1968 commented 5 days ago

the following is one of the files that are returning the duplication error as you can see there is only one accountId per resource

$ cat iam_service_ids.tf 
 resource "ibm_iam_service_policy" "policy-1719333557384794" {
     iam_service_id = "ServiceId-5e6e3c48-33b4-49a9-8bc3-c722bea0d2d9"
     roles = ["Reader"]
     #source_policy_id:4cbe5998-728e-4eef-b56c-d26698303a36
     description = "(Migrated) "

    resource_attributes {
        name  = "serviceName"
        value = "logs"
    }
    resource_attributes {
        name  = "accountId"
        value = "81de6380e6232019c6567c9c8de6dece"
        operator = "stringEquals"
    }

}
 resource "ibm_iam_service_policy" "policy-1719333561642596" {
     iam_service_id = "ServiceId-d4a009dc-98ab-4ac8-991c-ae377e73e67c"
     roles = ["Administrator"]
     #source_policy_id:23b021b6-0aec-4dbf-b6f1-69d2f79a799f
     description = "(Migrated) Auto-generated for key crn:v1:bluemix:public:logdnaat:eu-es:a/81de6380e6232019c6567c9c8de6dece:bd9ca767-c8ce-45a6-8148-45c563208161:resource-key:14c255cd-f17c-4820-bb67-974da5639c42"

    resource_attributes {
        name  = "serviceName"
        value = "logs"
    }
    resource_attributes {
        name  = "resource_instance_id"
        value = "409a4c23-073d-4273-9c6d-3111307be016"
        operator = "stringEqual"
    }
    resource_attributes {
        name  = "accountId"
        value = "81de6380e6232019c6567c9c8de6dece"
        operator = "stringEquals"
    }

}
 resource "ibm_iam_service_policy" "policy-1719333583331487" {
     iam_service_id = "ServiceId-d199f18e-fd6d-402a-b873-ea615751cf8d"
     roles = ["Viewer","Writer"]
     #source_policy_id:2f40191e-1340-4c6d-8ed3-47860ac0d723
     description = "(Migrated) Auto-generated for key 85059df6-ca1d-456f-985a-d0d49c233441"

    resource_attributes {
        name  = "serviceName"
        value = "logs"
    }
    resource_attributes {
        name  = "accountId"
        value = "81de6380e6232019c6567c9c8de6dece"
        operator = "stringEquals"
    }

}
Rajesh-Pirati commented 4 days ago

name = "accountId" attribute is not required. Please remove and try. more info : https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_service_policy