oci_identity_policy error when creating dynamic groups in a loop
Closed this issue · 1 comments
binbashroot commented
Terraform throws errors when policy syntax is included when creating dynamic groups. If I attempt to use the id of the compartment or tenancy in the policy_compartment_id field, TF will fail in provisioning.
VERSION: Terraform v0.14.7
OS: OEL 7
TF CODE:
module "CreateDynamicGroup" {
  source                    = "./modules/iam-dynamic-group"
  tenancy_ocid              = var.tenancy_ocid
  for_each                  = module.CreateCompartment
  dynamic_group_name        = "${each.value.compartment_name}_dynamic_group"
  dynamic_group_description = "${each.value.compartment_name} dynamic group"
  matching_rule             = "Any {Any {instance.compartment.id = '${each.value.compartment_id}'}}"
  policy_compartment_id     = each.value.compartment_id
  policy_name               = "${each.value.compartment_name}_instance_principal"
  policy_description        = "${each.value.compartment_name} instance principal policy"
  policy_statements = [
    "Allow dynamic-group ${each.value.compartment_name}_dynamic_group to manage objects in ${each.value.compartment_name}",
    "Allow dynamic-group ${each.value.compartment_name}_dynamic_group to manage buckets in ${each.value.compartment_name}"
  ]
}
ERRORS:
Error: Service error:InvalidParameter. 'syntax error starting with <example_prod>'@'line 1, char 64'
. http status code: 400. Opc request id: 0622...shortened_for_brevity
on modules/iam-dynamic-group/main.tf line 40, in resource "oci_identity_policy" "this":
40: resource "oci_identity_policy" "this" {
Error: Service error:InvalidParameter. 'syntax error starting with <example_lower>'@'line 1, char 65'
. http status code: 400. Opc request id: 2e1b9168.......shortened_for_brevity
on modules/iam-dynamic-group/main.tf line 40, in resource "oci_identity_policy" "this":
40: resource "oci_identity_policy" "this" {
binbashroot commented
Closing. Damn typo. Profuse apologies.
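Added example, not part of the issue or of the module's own code: the posted statements put the compartment name directly after `in`, while OCI policy syntax expects `in tenancy`, `in compartment <name>` or `in compartment id <ocid>` there. A variable validation block in the module can reject such statements at plan time instead of waiting for the service's 400 at apply. The variable declaration below is a hypothetical reconstruction, since the module's variables.tf is not shown.

```hcl
# Hypothetical declaration for modules/iam-dynamic-group (assumed, not the
# module's real variables.tf). Needs Terraform >= 0.14 for alltrue().
variable "policy_statements" {
  type        = list(string)
  description = "OCI IAM policy statements granted to the dynamic group."

  validation {
    # Every statement must carry a well-formed location clause:
    #   in tenancy | in compartment <name> | in compartment id <ocid>
    # optionally followed by "where <conditions>".
    condition = alltrue([
      for s in var.policy_statements :
      can(regex("(?i)\\sin\\s+(tenancy|compartment\\s+(id\\s+)?\\S+)(\\s+where\\s+.+)?\\s*$", s))
    ])
    error_message = "Each policy statement must end with 'in tenancy', 'in compartment <name>' or 'in compartment id <ocid>'."
  }
}

# Statement forms that pass the check, using the loop values from the issue:
#   "Allow dynamic-group ${each.value.compartment_name}_dynamic_group to manage objects in compartment ${each.value.compartment_name}"
#   "Allow dynamic-group ${each.value.compartment_name}_dynamic_group to manage buckets in compartment id ${each.value.compartment_id}"
```

The check covers only the location clause; the subject, verb and resource type are still validated by the OCI service.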