Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to create resource as non-admin account #591

Closed
bryand2 opened this issue Jun 4, 2019 · 7 comments
Closed

Unable to create resource as non-admin account #591

bryand2 opened this issue Jun 4, 2019 · 7 comments
Assignees
@hkantare

Comments

@bryand2
Copy link

bryand2 commented Jun 4, 2019
edited
Loading

Using terraform v11.14 and ibm provider plugin v17.

When using a non-admin account, terraform script is failing to create a resource. Getting error message:

Error occured while configuring Resource Management service: “Request failed with status code: 400, BXNIM0106E: Validation of property ‘response_type’ with value ‘[uaa, cloud_iam]’ failed. Valid values: ‘cloud_iam’”

Seems like it is unable to get the info on the specified resource group. *** Important piece here is if I use the ibmcloud cli with this same api key (i.e. ibmcloud login --apikey) the problem does NOT occur ... so this tells me from a IAM perspective my settings are correct and this problem is specific to terraform ***

Here's the script to reproduce:

data "ibm_resource_group" "resource_group" {
name = "ClusterEnv"
}

provider "ibm" {
bluemix_api_key = ""
}

resource "ibm_is_vpc" "vpc1" {
name = "bryan-iamtest-vpc1"
resource_group = "${data.ibm_resource_group.resource_group.id}"
}
@bryand2
Copy link
Author

bryand2 commented Jun 4, 2019
edited
Loading

Haven't been able to test myself, but it seems the problem originates from the underlying bluemix-go code. Proposed fix seems to be to edit "authentication/iam.go" and change the line:

Field("response_type", "cloud_iam,uaa") ==> Field("response_type", "cloud_iam")

Reference: IBM-Cloud/bluemix-go#87
Reference2: IBM-Cloud/bluemix-go#101
Reference3: IBM-Cloud/bluemix-go#107

@sakshiag
Copy link
Collaborator

sakshiag commented Jun 5, 2019
edited
Loading

Thanks bryan for sharing the information.. I have tested with my api key, it seems the current code works fine.. But when I tested with the api key (which has non admin access)provided by bryan it failed with the above error. We will confirm and make the changes accordingly if required.

@bryand2
Copy link
Author

bryand2 commented Jun 5, 2019

Thanks Sakshi. Maybe your api key has elevated access? One thing to keep in mind is I don't experience this problem when using the ibmcloud cli, so that tells me the api key I'm using should also work via terraform.

@hkantare
Copy link
Collaborator

hkantare commented Jun 6, 2019

@bryand2 The APIKEY which you used is an ServiceID API key?

@bryand2
Copy link
Author

bryand2 commented Jun 6, 2019

@hkantare Thanks for your help. yes it is.

@hkantare
Copy link
Collaborator

Fixed in latest release we can use serviceID APikey to provision resources

@hkantare
Copy link
Collaborator

closing the issue as its available in latest releases

@hkantare hkantare self-assigned this Nov 18, 2019
@qibobo qibobo mentioned this issue Mar 11, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hkantare hkantare

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hkantare @sakshiag @bryand2