Hi, I've been struggling to successfully identify ...
# google-cloud
Hi, I've been struggling to successfully identify some our IAMBinding IDs. As a result of this, I'm getting the following error:
Copy code
error: Preview failed: importing <bucket-resource-name>/roles/storage.objectCreator: Wrong number of parts to Binding id [<bucket-resource-name>/roles/storage.objectCreator]; expected 'resource_name role [condition_title]'.
I tried so far with
, and
but I got the same error regardless. Any ideas?
Are you using the native or the classic provider?
I'm using the classic as imports haven't been implemented yet on the google-native API.
My first reflex was to use google-native, but then ran into this:
error: Preview failed: Import is not yet implemented
The classic provider uses the tfbridge to Terraform's Google Beta provider. I was just going through the code to check what it should be when I realized that it is on the error message. It says the expected form is
resource_name role [condition_title]
. The resource
is for one particular role of the bucket, there can be more than one
in the same bucket, so just the bucket name would cause a conflict. Try this:
b/<bucket_name> <role>
b/my_bucket roles/storage.admin
If you want to manage all the role assignments using a single resource that would be
Thanks @green-school-95910. I tried the first approach (prefixing with a
the resource name), but got the same error. Rather than manage, I wish to ensure that the bindings are reflected in my code, so we can easily provision an equivalent environment using the config provided by TF.
The key is not the
prefix alone, is the whitespace between the bucket name and the role
my goodness 🤯 Hadn't seen that one. Thanks !
Same goes for all the IAMBindings, not just the storage one. They are
<id of parent> " " <role> [" " <condition title>]
in IETF-like grammar
3 pieces separated by a single whitespace
For curiosity, that is implemented here
🥇 1