nutanix_access_control_policy unable to be applied due to scope validation. #688

@jkmills

Nutanix Cluster Information

Nutanix Cluster 6.8.1
Prism Central 2024.1.0.2

Terraform Version

Terraform v1.9.5
on linux_amd64
+ provider registry.terraform.io/nutanix/nutanix v1.2.0

Affected Resource(s)

nutanix_access_control_policy

Terraform Configuration Files

    context_filter_list {
        entity_filter_expression_list {
            left_hand_side_entity_type = "all"
            operator                   = "IN"

            right_hand_side {
                collection = "ALL"
                uuid_list  = []
            }
        }
        scope_filter_expression_list {
            left_hand_side = "CLUSTER"
            operator       = "IN"

            right_hand_side {
                collection = "ALL"
                uuid_list  = []
            }
        }
    }

Expected Behavior

This is from an import of an ACP that gives permissions across all clusters.

Actual Behavior

Running terraform plan results in an error:

    expected context_filter_list.1.scope_filter_expression_list.0.left_hand_side to be one of [CATEGORY PROJECT], got CLUSTER

If we change CLUSTER to CATEGORY terraform plan completes, but terraform apply gives this error:

 Error: error updating access control policy id 54ed7fe3-7316-4491-9a4e-9176c46be14a): error: {
   "api_version": "3.1",
   "code": 422,
   "message_list": [
     {
       "message": "Validation error. Incorrect filters : Only CLUSTER in Scope allowed with this role.",
       "reason": "VALIDATION_ERROR"
     }
   ],
   "state": "ERROR"
 }
 
   with nutanix_access_control_policy.prism_viewer_01,
   on main.tf line 90, in resource "nutanix_access_control_policy" "prism_viewer_01":
   90: resource "nutanix_access_control_policy" "prism_viewer_01" {

Steps to Reproduce

  1. Import or create ACP for Prism Admin or Prism Viewer role with cluster scope.
  2. terraform plan
  3. Change CLUSTER to CATEGORY or PROJECT as directed.
  4. terraform plan
  5. terraform apply
