search

terraform-ibm-modules / terraform-ibm-cbr

This module can be used to provision and configure Context Based Restrictions.
Apache License 2.0
0 stars 2 forks source link

Setting global deny on icd results in an error #517

Closed vburckhardt closed 1 month ago

vburckhardt commented 2 months ago

for global deny https://github.com/terraform-ibm-modules/terraform-ibm-cbr/blob/ed6936e21744433eae52e6ff7cb054ae120adbb3/modules/fscloud/main.tf#L444 apitype is set by default to crn:v1:bluemix:public:context-based-restrictions::::api-type:, but this won't work for services like ICD that does not support this value.

Missing the equivalent of https://github.com/terraform-ibm-modules/terraform-ibm-cbr/blob/ed6936e21744433eae52e6ff7cb054ae120adbb3/modules/fscloud/main.tf#L418C29-L423C7 in that call to the cbr-rule-module for global deny.

vburckhardt commented 2 months ago

Example of error with 

target_service_details = {
    "databases-for-postgresql" = {
      "enforcement_mode" = "disabled"
      "target_rg"        = module.resource_group.resource_group_id
    }
}
     "Result": {
│         "errors": [
│             {
│                 "code": "invalid_api_type",
│                 "message": "Invalid API type 'crn:v1:bluemix:public:context-based-restrictions::::api-type:'. Valid API types for service 'databases-for-postgresql' are: crn:v1:bluemix:public:context-based-restrictions::::api-type:data-plane",
│                 "target": {
│                     "name": "api_types",
│                     "type": "field",
│                     "value": "crn:v1:bluemix:public:context-based-restrictions::::api-type:"
│                 }
│             }
│         ],
│         "status_code": 400,
│         "trace": "23cac338-15ab-4ed1-bdd5-2ba56dba938f"
│     },
│     "RawResult": null
Ak-sky commented 1 month ago

Fix available in release https://github.com/terraform-ibm-modules/terraform-ibm-cbr/releases/tag/v1.24.1, closing this.