jfrog/terraform-provider-artifactory

Error: Invalid Attribute Value Match from artifactory_scoped_token resource creation by Artifactory terraform provider while passing the action [r,w,d,a,m]

Closed this issue · 1 comments

Issue description:

When creating an "artifactory_scoped_token" with specific scopes using the Terraform provider, the resource declaration failed after running the "terraform apply" command with Error: Invalid Attribute Value Match.

The issue is observed when passing actions other than read and write.

## This declaration doesn't work; it returns "Error: Invalid Attribute Value Match"

```hcl
resource "artifactory_scoped_token" "scoped_token_group" {
  scopes = ["applied-permissions/groups:readers", "artifact:token-sample-generic-local:r,w,d,a,m"]

  expires_in = 12600
}
```

```
Error: Invalid Attribute Value Match

│   with artifactory_scoped_token.token-sample-group-token-read-write,
│   on main.tf line 17, in resource "artifactory_scoped_token" "token-sample-group-token-read-write":
│   17: scopes = ["applied-permissions/groups:token-sample", "artifact:token-sample-generic-local:r,w,d"]

│ Attribute scopes[Value("artifact:token-sample-generic-local:r,w,d")] value must be one of: ["applied-permissions/user" "applied-permissions/admin" "system:metrics:r"
│ "system:livelogs:r"], got: "artifact:token-sample-generic-local:r,w,d"

│ Error: Invalid Attribute Value Match

│   with artifactory_scoped_token.token-sample-group-token-read-write,
│   on main.tf line 17, in resource "artifactory_scoped_token" "token-sample-group-token-read-write":
│   17: scopes = ["applied-permissions/groups:token-sample", "artifact:token-sample-generic-local:r,w,d"]

│ Attribute scopes[Value("artifact:token-sample-generic-local:r,w,d")] must be 'applied-permissions/groups:<group-name>[,<group-name>...]', got:
│ artifact:token-sample-generic-local:r,w,d

│ Error: Invalid Attribute Value Match

│   with artifactory_scoped_token.token-sample-group-token-read-write,
│   on main.tf line 17, in resource "artifactory_scoped_token" "token-sample-group-token-read-write":
│   17: scopes = ["applied-permissions/groups:token-sample", "artifact:token-sample-generic-local:r,w,d"]

│ Attribute scopes[Value("artifact:token-sample-generic-local:r,w,d")] must be 'applied-permissions/roles:<project-key>:<role-name>[,<role-name>...]', got:
│ artifact:token-sample-generic-local:r,w,d

│ Error: Invalid Attribute Value Match

│   with artifactory_scoped_token.token-sample-group-token-read-write,
│   on main.tf line 17, in resource "artifactory_scoped_token" "token-sample-group-token-read-write":
│   17: scopes = ["applied-permissions/groups:token-sample", "artifact:token-sample-generic-local:r,w,d"]

│ Attribute scopes[Value("artifact:token-sample-generic-local:r,w,d")] must be '<resource-type>:<target>[/<sub-resource>]:<actions>', got:
│ artifact:token-sample-generic-local:r,w,d
```

However, the actions read, write and * work as expected.

## This declaration works

```hcl
resource "artifactory_scoped_token" "token-sample-group-token-read-write" {
  scopes = ["applied-permissions/groups:token-sample-dev", "artifact:token-sample-generic-local:r,w"]

  expires_in = 12600
}
```

## and this declaration works

```hcl
resource "artifactory_scoped_token" "token-sample-group-token-read-write" {
  scopes = ["applied-permissions/groups:token-sample", "artifact:token-sample-generic-local:*"]

  expires_in = 12600
}
```

Reference Link:

https://registry.terraform.io/providers/jfrog/artifactory/latest/docs/resources/scoped_token

Environment

Artifactory Version: v7.84.10
Terraform v1.8.3
jfrog/artifactory v10.8.2

Expected behavior

The ability to create a token with all permission levels should be supported. Additionally, the supported actions are mentioned in the Terraform provider documentation here. The actions allowed include "r" (read), "w" (write), "d" (delete), "a" (annotate), "m" (manage), "x" (read,write,annotate,delete), "s" (deploy), or any combination of these actions. To allow all actions, you can use "*".

@janardhanajl Thanks for reporting the issue. I've added this to our plan to investigate.
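
A pre-apply check for scope strings, added here as an example (it is not part of the issue or the provider's code): it accepts the four scope forms quoted in the error output and the action letters listed under "Expected behavior", so a least-privilege action list such as `r,w,d,a,m` can be checked without falling back to `*`. The regular expressions and the names `ValidScope` and `ValidActions` are assumptions of this example, not the provider's validators.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Fixed scope values quoted in the first error message of the issue.
var fixedScopes = map[string]bool{
	"applied-permissions/user": true, "applied-permissions/admin": true,
	"system:metrics:r": true, "system:livelogs:r": true,
}

// Assumed patterns written from the format strings in the error output;
// these are not the provider's own regular expressions.
var (
	groupsRe      = regexp.MustCompile(`^applied-permissions/groups:[^,:]+(,[^,:]+)*$`)
	rolesRe       = regexp.MustCompile(`^applied-permissions/roles:[^,:]+:[^,:]+(,[^,:]+)*$`)
	resourceRe    = regexp.MustCompile(`^([a-z-]+):([^:/]+(?:/[^:]+)?):(.+)$`)
	actionLetters = "rwdamxs" // letters listed under "Expected behavior"
)

// ValidActions accepts "*" or a comma-separated list of single action letters.
func ValidActions(s string) bool {
	if s == "*" {
		return true
	}
	for _, a := range strings.Split(s, ",") {
		if len(a) != 1 || !strings.Contains(actionLetters, a) {
			return false
		}
	}
	return true
}

// ValidScope reports whether scope matches one of the four forms above.
func ValidScope(scope string) bool {
	if fixedScopes[scope] || groupsRe.MatchString(scope) || rolesRe.MatchString(scope) {
		return true
	}
	m := resourceRe.FindStringSubmatch(scope)
	return m != nil && ValidActions(m[3])
}

func main() {
	// First scope is from the issue; the second is constructed and invalid.
	fmt.Println(ValidScope("artifact:token-sample-generic-local:r,w,d,a,m"),
		ValidScope("artifact:token-sample-generic-local:r,q"))
}
```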