hashicorp / terraform-provider-infoblox

This provider has moved to https://github.com/infobloxopen/terraform-provider-infoblox
Mozilla Public License 2.0

Any documentation on minimal security required for this provider? #4

Closed BraddMPiontek closed 4 years ago

BraddMPiontek commented 4 years ago

We are converting from a previous Infoblox provider that worked with the GRID API (but is not Terraform .12 capable) and are switching to this more official release so we can upgrade to Terraform 0.12. It appears our Infoblox device has the Cloud API licensed, so when we switched to this provider, it created everything using that. We can no longer delete any of our resources.

Is there a document on what permissions are required to use the Cloud API to create and delete resources created by this provider? Our network administrator is not too keen on making our login a super user.

AvRajath commented 4 years ago

When you applied the CNA license (Cloud API), did you mean that it created everything, i.e. EAs? Or the resources with respect to network/records?

For more details on the Cloud API user, see Creating Limited-Access Admin Groups: https://docs.infoblox.com/display/NAG8/About+Admin+Groups#AboutAdminGroups-bookmark393

Also, the link below might be helpful: https://docs.infoblox.com/display/NAG8/About+Administrative+Permissions Look for "Defining Object Permissions".

More on using our terraform plugin: https://docs.infoblox.com/display/ILP/NIOS?preview=%2F8945695%2F48210917%2FIPAM+Driver+for+Terraform+1.0.pdf

BraddMPiontek commented 4 years ago

Thanks for the links. I forwarded them to our networking team to review.

I am referring to the resources Terraform creates. I have no problem creating IPs, CNAME records, A records, PTR records, but we cannot delete them.

AvRajath commented 4 years ago

How are you trying to delete the resources? You should use "terraform destroy" to delete the resources created. Other than Network View everything should be destroyed on running the above.

BraddMPiontek commented 4 years ago

Yes, of course we are trying to remove them with terraform destroy (although the same error occurs in the UI). Thanks for the links. I think others may benefit from having security setup in the provider README.