Open bwoolf1 opened 4 years ago
This is a bug in the IBM Cloud CLI, not in the IGC CLI.
This IBM Cloud CLI command doesn't work correctly:
$ ibmcloud iam access-group-policy-create GROUP_NAME --roles Viewer --resource-group-name RESOURCE_GROUP_NAME --attributes "resourceType=resource-group,resource=RESOURCE_GROUP_NAME"
It creates a policy with Viewer role and these details:
All service in RESOURCE_GROUP_NAME resource group resourceType string equals resource-group, resource string equals RESOURCE_GROUP_NAME
When created through the GUI, the resulting policy has these details:
RESOURCE_GROUP_NAME resource group resourceType string equals resource-group, resource string equals RESOURCE_GROUP_NAME
Notice the lack of the All service in clause. The policy without the clause allows users to crate a new service instance in the resource group; the policy with the clause does not.
Submitted an IBM support ticket:
CS1673167: Need the CLI command to create a policy that allows the user to create any service and add the new instance to a particular resource group
This is a bug in the IBM Cloud CLI, not in the IGC CLI.
This IBM Cloud CLI command doesn't work correctly:
It creates a policy with Viewer role and these details:
When created through the GUI, the resulting policy has these details:
Notice the lack of the All service in clause. The policy without the clause allows users to crate a new service instance in the resource group; the policy with the clause does not.