Hi, I've been struggling to successfully identify some our IAMBinding IDs. As a result of this, I'm getting the following error:

error: Preview failed: importing <bucket-resource-name>/roles/storage.objectCreator: Wrong number of parts to Binding id [<bucket-resource-name>/roles/storage.objectCreator]; expected 'resource_name role [condition_title]'.

I tried so far with

<bucket_name>

,

b/<bucket_name>

,

<project-id>/<bucket-name>

, and

<project-id>/b/<bucket-name>

but I got the same error regardless. Any ideas?

Are you using the native or the classic provider?

I'm using the classic as imports haven't been implemented yet on the google-native API.

The classic provider uses the tfbridge to Terraform's Google Beta provider. I was just going through the code to check what it should be when I realized that it is on the error message. It says the expected form is

resource_name role [condition_title]

. The resource

IAMBinding

is for one particular role of the bucket, there can be more than one

IAMBinding

in the same bucket, so just the bucket name would cause a conflict. Try this:

b/<bucket_name> <role>

like

b/my_bucket roles/storage.admin

Thanks @green-school-95910. I tried the first approach (prefixing with a

b/

the resource name), but got the same error. Rather than manage, I wish to ensure that the bindings are reflected in my code, so we can easily provision an equivalent environment using the config provided by TF.

The key is not the

b/

prefix alone, is the whitespace between the bucket name and the role

my goodness 🤯 Hadn't seen that one. Thanks !

Same goes for all the IAMBindings, not just the storage one. They are

<id of parent> " " <role> [" " <condition title>]

in IETF-like grammar