search

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
341 stars 670 forks source link

Feature Request: Support for Authorization policies between service instances #631

Closed hkantare closed 4 years ago

hkantare commented 5 years ago

I was looking at the iam documentation, but I wasn't able to find an example case like this. Is it possible?

image

powellquiring commented 5 years ago

I was going to use schematics to capture some infrastructure configuration and need the ability to do the equivalent of this in terraform:

  ibmcloud iam authorization-policy-create \
    is \
    cloud-object-storage \
    Reader \
    --source-resource-type image \
    --target-service-instance-id $COS_GUID

This would allow the vpc is image service to access a COS instance so that a vhd image in a COS bucket can be imported into a vpc image.

Work around:

resource "ibm_resource_instance" "cos_instance" {
  name              = "${var.cos_instance_name}"
  service           = "cloud-object-storage"
  plan              = "standard"
  location          = "global"
}

resource "null_resource" "iam_is_image_access_cos" {
  provisioner "local-exec" {
    command = "ibmcloud iam authorization-policy-create is cloud-object-storage Reader --source-resource-type image --target-service-instance-id ${ibm_resource_instance.cos_instance.id}"
  }
hkantare commented 5 years ago

Support for creating authorization policies between two services is available as part of v0.19.0 https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v0.19.0