Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nutanix_access_control_policy unable to be applied due to scope validation. #688

Open
jkmills opened this issue Sep 19, 2024 · 0 comments · May be fixed by #692
Open

nutanix_access_control_policy unable to be applied due to scope validation. #688

jkmills opened this issue Sep 19, 2024 · 0 comments · May be fixed by #692
Labels
1.9.6

Comments

@jkmills
Copy link

jkmills commented Sep 19, 2024

Nutanix Cluster Information

Nutanix Cluster 6.8.1
Prism Central 2024.1.0.2

Terraform Version

Terraform v1.9.5
on linux_amd64
+ provider registry.terraform.io/nutanix/nutanix v1.2.0

Affected Resource(s)

nutanix_access_control_policy

Terraform Configuration Files

    context_filter_list {
        entity_filter_expression_list {
            left_hand_side_entity_type = "all"
            operator                   = "IN"

            right_hand_side {
                collection = "ALL"
                uuid_list  = []
            }
        }
        scope_filter_expression_list {
            left_hand_side = "CLUSTER"
            operator       = "IN"

            right_hand_side {
                collection = "ALL"
                uuid_list  = []
            }
        }
    }

Expected Behavior

This is from a import of a ACP that gives permissions across all clusters.

Actual Behavior

Running terraform plan results in an error:

expected context_filter_list.1.scope_filter_expression_list.0.left_hand_side to be one of [CATEGORY PROJECT], got CLUSTER

If we change CLUSTER to CATEGORY terraform plan completes, but terraform apply gives this error:

 Error: error updating access control policy id 54ed7fe3-7316-4491-9a4e-9176c46be14a): error: {
   "api_version": "3.1",
   "code": 422,
   "message_list": [
     {
       "message": "Validation error. Incorrect filters : Only CLUSTER in Scope allowed with this role.",
       "reason": "VALIDATION_ERROR"
     }
   ],
   "state": "ERROR"
 }
 
   with nutanix_access_control_policy.prism_viewer_01,
   on main.tf line 90, in resource "nutanix_access_control_policy" "prism_viewer_01":
   90: resource "nutanix_access_control_policy" "prism_viewer_01" {

Steps to Reproduce

  1. Import or create ACP for Prism Admin or Prism Viewer role with cluster scope.
  2. terraform plan
  3. Change CLUSTER to CATEGORY or PROJECT as directed.
  4. terraform plan
  5. terraform apply
@Haroon-Dweikat-Ntx Haroon-Dweikat-Ntx linked a pull request Oct 2, 2024 that will close this issue
fix validation for access control policy #692
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.9.6
Projects
Terraform 1.9.6
Status: This is need to review
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix validation for access control policy nutanix/terraform-provider-nutanix
2 participants
@jkmills @abhimutant