The confluent_schema_registry_cluster_config resource requires an API key and secret, but the documentation does not tell what the minimum required permissions are on the associated service account.
The best I could find that actually works, and allows me to create the resource was ResourceOwner with subject=* but it took a considerable amount of trial-and-error to find that, and even then I am not sure if it is actually the least permissions required to make the resource work.
https://registry.terraform.io/providers/confluentinc/confluent/latest/docs/resources/confluent_schema_registry_cluster_config
The
confluent_schema_registry_cluster_configresource requires an API key and secret, but the documentation does not tell what the minimum required permissions are on the associated service account.The best I could find that actually works, and allows me to create the resource was
ResourceOwnerwithsubject=*but it took a considerable amount of trial-and-error to find that, and even then I am not sure if it is actually the least permissions required to make the resource work.