Mayank

Reputation: 31

Terraform Show changes in IAM permission for user in gcp

I am trying to add Users and Groups in a gcp project via terraform. I have used following as an example:

resource "google_project_iam_binding" "this" {
  project = var.project_id
  role    = "roles/serviceusage.apiKeysAdmin"
  members = ["group:[email protected]"]
}

I am running this in a loop so it is able to add multiple users and groups.

However, when a user or group is added and their permissions are modified, say they have been given an additional permission like roles/ml.developer manually, terraform plan isn't showing any diff for the role added.

Is there any other resource I should be using for this scenario? Note: I have used the google_project_iam_member resource as well, but with the same result as google_project_iam_binding.

Upvotes: 0

Views: 220

Answers (1)

Lauden

Reputation: 197

If the config is being changed somewhere else, then it's normal. Terraform doesn't check the entire object you're creating when refreshing. You will need to import the changes made outside Terraform with a terraform import to be able to manage them with Terraform.

This depends on how providers are coded; they tend to have fine-grained controls on what is controlled with Terraform, and if a role is created with some other tool, e.g. Organization policies or some other Terraform project, it won't collide every time.

Upvotes: 0
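For comparison, here is an added example (not code from the question or the answer) that makes Terraform own the whole project IAM policy instead of a single role. google_project_iam_binding is authoritative only for the role it names (it will show a diff if someone adds a member to roles/serviceusage.apiKeysAdmin, but not if they grant a different role), and google_project_iam_member is non-authoritative even for that. google_project_iam_policy replaces the entire policy, so a role granted by hand, such as roles/ml.developer, appears in terraform plan as a binding to be removed. The variable names, the default map and the group address are assumptions for the example.

```hcl
# Added example: authoritative project IAM policy (not from the original post).
# Every binding not declared in var.bindings is removed on apply, so this
# is what surfaces manually granted roles as drift in `terraform plan`.

variable "project_id" {
  type = string
}

# role => list of members that should hold it (assumed shape; one entry
# mirrors the binding from the question)
variable "bindings" {
  type = map(list(string))
  default = {
    "roles/serviceusage.apiKeysAdmin" = ["group:[email protected]"]
  }
}

# Render the desired bindings into a policy document.
data "google_iam_policy" "project" {
  dynamic "binding" {
    for_each = var.bindings
    content {
      role    = binding.key
      members = binding.value
    }
  }
}

# Authoritative: the project's IAM policy becomes exactly policy_data.
resource "google_project_iam_policy" "this" {
  project     = var.project_id
  policy_data = data.google_iam_policy.project.policy_data
}
```

Review the first terraform plan carefully before applying: because the resource is authoritative, any binding not in the map is deleted, including bindings for default service accounts and the roles/owner grant on the project creator, which can lock the account running Terraform out of the project. Declare those in the map (or keep the per-role binding resource for the roles you do not want to manage exhaustively) rather than letting the plan remove them.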
