[BUG] rancher2_auth_config_freeipa Forbidden but configuring on UI works

[josedev-union]

Rancher Server Setup

• Rancher version: 2.7.2 2.6.11
• Installation option (Helm Chart): 2.7.2 rke2 1.25.7 2.6.11 rke2 1.24.10
• Proxy/Cert Details No proxy

Information about the Cluster

• Kubernetes version:
• Cluster Type (Local): Custom on openstack

User Information

• What is the role of the user logged in? Admin

  
  provider "rancher2" {
  alias = "bootstrap"
  
  api_url   = "https://${local.rancher_host}/"
  insecure  = true
  bootstrap = true
  }

provider "rancher2" { alias = "admin"

api_url = rancher2_bootstrap.admin.url token_key = rancher2_bootstrap.admin.token insecure = true }

resource "rancher2_bootstrap" "admin" { provider = rancher2.bootstrap initial_password = var.rancher_bootstrap_password password = var.rancher_admin_password

telemetry = false

depends_on = [ helm_release.rancher, ] }

### Provider Information
- What is the version of the Rancher v2 Terraform Provider in use? 2.19.0
- What is the version of Terraform in use? 1.1.5

### Describe the bug
When i try to configure Freeipa auth provider using `rancher2_auth_config_freeipa`, it returns 403 Forbidden.

│ Error: Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=PermissionDenied, message=Permission denied] from [https://xyz/v3/freeIpaConfigs/freeipa?action=testAndApply] │ │ with rancher2_auth_config_freeipa.freeipa[0], │ on freeipa.tf line 1, in resource "rancher2_auth_config_freeipa" "freeipa": │ 1: resource "rancher2_auth_config_freeipa" "freeipa" { │ ╵

I can configure it on rancher UI using the same information without any issue.

### To Reproduce

• resource "rancher2_auth_config_freeipa" "freeipa" {
  • access_mode = "restricted"
  • allowed_principal_ids = [
    • "freeipa_group://cn=operator,cn=groups,cn=accounts,dc=test,dc=in",
    • "freeipa_group://cn=admin,cn=groups,cn=accounts,dc=test,dc=in",
    • "freeipa_user://uid=svc_rancher,cn=users,cn=accounts,dc=test,dc=in", ]
  • annotations = (known after apply)
  • certificate = (sensitive value)
  • connection_timeout = 5000
  • enabled = true
  • group_dn_attribute = (known after apply)
  • group_member_mapping_attribute = (known after apply)
  • group_member_user_attribute = (known after apply)
  • group_name_attribute = (known after apply)
  • group_object_class = (known after apply)
  • group_search_attribute = (known after apply)
  • group_search_base = "cn=groups,cn=accounts,dc=test,dc=in"
  • id = (known after apply)
  • labels = (known after apply)
  • name = (known after apply)
  • nested_group_membership_enabled = (known after apply)
  • port = 636
  • servers = [
    • "dev-freeipa.test.in", ]
  • service_account_distinguished_name = (sensitive value)
  • service_account_password = (sensitive value)
  • test_password = (sensitive value)
  • test_username = "rancher_test"
  • tls = true
  • type = (known after apply)
  • user_disabled_bit_mask = (known after apply)
  • user_enabled_attribute = (known after apply)
  • user_login_attribute = (known after apply)
  • user_member_attribute = (known after apply)
  • user_name_attribute = (known after apply)
  • user_object_class = (known after apply)
  • user_search_attribute = (known after apply)
  • user_search_base = "dc=test,dc=in" }

Actual Result

│ Error: Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=PermissionDenied, message=Permission denied] from [https://xyz/v3/freeIpaConfigs/freeipa?action=testAndApply]
│ 
│   with rancher2_auth_config_freeipa.freeipa[0],
│   on freeipa.tf line 1, in resource "rancher2_auth_config_freeipa" "freeipa":
│    1: resource "rancher2_auth_config_freeipa" "freeipa" {
│ 
╵

Expected Result

Freeipa should be configured without any error.

Screenshots

Additional context

[josedev-union]

more context is It works when access_mode is unrestricted but doesn't work when it is restricted or required.

[Dj00ntyBoi]

Could that be the same Issue as decribed in #676 ?