search

cloud-native-toolkit / planning

The is the planning repo to manage the cross project Epics and Issues. Tasks and Bugs
3 stars 1 forks source link

Bug in access-group-policy-create CLI command #85

Open bwoolf1 opened 4 years ago

bwoolf1 commented 4 years ago

This is a bug in the IBM Cloud CLI, not in the IGC CLI.

This IBM Cloud CLI command doesn't work correctly:

$ ibmcloud iam access-group-policy-create GROUP_NAME --roles Viewer --resource-group-name RESOURCE_GROUP_NAME --attributes "resourceType=resource-group,resource=RESOURCE_GROUP_NAME"

It creates a policy with Viewer role and these details:

All service in RESOURCE_GROUP_NAME resource group
resourceType string equals resource-group, resource string equals RESOURCE_GROUP_NAME

When created through the GUI, the resulting policy has these details:

RESOURCE_GROUP_NAME resource group
resourceType string equals resource-group, resource string equals RESOURCE_GROUP_NAME

Notice the lack of the All service in clause. The policy without the clause allows users to crate a new service instance in the resource group; the policy with the clause does not.

bwoolf1 commented 4 years ago

Submitted an IBM support ticket:

CS1673167: Need the CLI command to create a policy that allows the user to create any service and add the new instance to a particular resource group