nutanix / terraform-provider-nutanix

Terraform Nutanix Provider
https://www.terraform.io/docs/providers/nutanix/
Mozilla Public License 2.0

nutanix_access_control_policy unable to be applied due to scope validation. #688

Open jkmills opened 2 months ago

jkmills commented 2 months ago

Nutanix Cluster Information

Nutanix Cluster 6.8.1 Prism Central 2024.1.0.2

Terraform Version

Terraform v1.9.5
on linux_amd64
+ provider registry.terraform.io/nutanix/nutanix v1.2.0

Affected Resource(s)

nutanix_access_control_policy

Terraform Configuration Files

    context_filter_list {
        entity_filter_expression_list {
            left_hand_side_entity_type = "all"
            operator                   = "IN"

            right_hand_side {
                collection = "ALL"
                uuid_list  = []
            }
        }
        scope_filter_expression_list {
            left_hand_side = "CLUSTER"
            operator       = "IN"

            right_hand_side {
                collection = "ALL"
                uuid_list  = []
            }
        }
    }

Expected Behavior

This is from an import of an ACP that gives permissions across all clusters.

Actual Behavior

Running terraform plan results in an error:

    expected context_filter_list.1.scope_filter_expression_list.0.left_hand_side to be one of [CATEGORY PROJECT], got CLUSTER

If we change CLUSTER to CATEGORY terraform plan completes, but terraform apply gives this error:

    Error: error updating access control policy id 54ed7fe3-7316-4491-9a4e-9176c46be14a): error: {
      "api_version": "3.1",
      "code": 422,
      "message_list": [
        {
          "message": "Validation error. Incorrect filters : Only CLUSTER in Scope allowed with this role.",
          "reason": "VALIDATION_ERROR"
        }
      ],
      "state": "ERROR"
    }

      with nutanix_access_control_policy.prism_viewer_01,
      on main.tf line 90, in resource "nutanix_access_control_policy" "prism_viewer_01":
      90: resource "nutanix_access_control_policy" "prism_viewer_01" {

Steps to Reproduce

  1. Import or create ACP for Prism Admin or Prism Viewer role with cluster scope.
  2. terraform plan
  3. Change CLUSTER to CATEGORY or PROJECT as directed.
  4. terraform plan
  5. terraform apply
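
An added example, not part of the issue or the provider's code: a pre-plan audit that lists every `scope_filter_expression_list` in a configuration, whether its `left_hand_side` would pass the provider check quoted in the plan error, and whether it grants `collection = "ALL"`. The allowed set is taken from that error message; the `PROJECT` block, its placeholder UUID and the function names are constructed for illustration.

```python
import re

# Values the plan-time check accepted in the error quoted in the report (v1.2.0).
PROVIDER_ALLOWED_SCOPE_LHS = {"CATEGORY", "PROJECT"}

# Sample input: first block is from the report, second block is constructed.
SAMPLE_HCL = '''
context_filter_list {
  scope_filter_expression_list {
    left_hand_side = "CLUSTER"
    operator       = "IN"
    right_hand_side {
      collection = "ALL"
      uuid_list  = []
    }
  }
}
context_filter_list {
  scope_filter_expression_list {
    left_hand_side = "PROJECT"
    operator       = "IN"
    right_hand_side {
      uuid_list = ["00000000-0000-0000-0000-000000000000"]
    }
  }
}
'''

def blocks(text, name):
    """Yield the body of each `name { ... }` block (brace matching, not a full HCL parser)."""
    for m in re.finditer(r'\b%s\s*\{' % re.escape(name), text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit_scopes(hcl):
    """Per scope filter: (left_hand_side, passes_provider_check, collection_is_all)."""
    out = []
    for body in blocks(hcl, "scope_filter_expression_list"):
        m = re.search(r'\bleft_hand_side\s*=\s*"([^"]*)"', body)
        coll = re.search(r'\bcollection\s*=\s*"ALL"', body)
        lhs = m.group(1) if m else None
        out.append((lhs, lhs in PROVIDER_ALLOWED_SCOPE_LHS, coll is not None))
    return out

if __name__ == "__main__":
    for row in audit_scopes(SAMPLE_HCL):
        print(row)
```

A row with `collection_is_all` set is an unrestricted scope worth an access review; a row failing the provider check is one that `terraform plan` rejects in the way the report describes.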