IAM policies with compliance metadata fail when creating via Terraform
│ Error: 400/https://api3.prismacloud.io/policy Error(msg:compliance_mapping_update_disallowed_for_policy_type severity:error subject:compliance_mapping_update_disallowed_for_policy_type)
│
│ with prismacloud_policy.this["AWS effective permissions granting wildcard resource access - created by terraform"],
│ on policies.tf line 62, in resource "prismacloud_policy" "this":
│ 62: resource "prismacloud_policy" "this" {
│ Error: 500 error without the "X-Redlock-Status" header - returned HTML:
│ {"timestamp":"2021-10-14T16:06:17.613+00:00","status":500,"error":"Internal Server Error","message":"","path":"/api/v1/permission"}
│
│ with prismacloud_rql_search.this["AWS effective permissions granting wildcard resource access - created by terraform"],
│ on policies.tf line 34, in resource "prismacloud_rql_search" "this":
│ 34: resource "prismacloud_rql_search" "this" {
Describe the bug
IAM policies with compliance metadata fail when creating via Terraform. The rql_search and saved_search create without issue.
The policy creation failed on several runs; my first error was the 400, and consecutive failures were 500s.
API documentation shows that iam type policies can be hooked up to standards. https://prisma.pan.dev/api/cloud/cspm/policy/#operation/add-policy
Expected behavior
Policy should create
Current behavior
400 error is thrown with the error: compliance_mapping_update_disallowed_for_policy_type
Possible solution
Steps to reproduce
Define a Prisma policy of type iam and use compliance_metadata {} to attach it to a standard.
Screenshots
Context
Cannot get IAM policies into our Prisma instance.
Your Environment