Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource.minio_iam_service_account ERROR "Policy, user or group names are not allowed to begin or end with space characters" #604

Open
horzone opened this issue Dec 26, 2024 · 0 comments
Open

resource.minio_iam_service_account ERROR "Policy, user or group names are not allowed to begin or end with space characters" #604

horzone opened this issue Dec 26, 2024 · 0 comments

Comments

@horzone
Copy link

horzone commented Dec 26, 2024

Description

When using Terraform to create a minio_iam_service_account resource, the following error occurs:

Error: [FATAL] error creating service account (test-user-name): Policy, user or group names are not allowed to begin or end with space characters

However, if the service account is created manually and then imported into the Terraform state, it works without issues.

Steps to Reproduce

  1. Create a MinIO user named test-user-name using the minio_iam_user resource.
  2. Create a policy named test-policy that grants full access to the test-bucket using the minio_iam_policy resource.
  3. Attach the created policy to the user using the minio_iam_user_policy_attachment resource.
  4. Attempt to create a service account for the user test-user-name using the minio_iam_service_account resource.
resource "minio_iam_user" "test_user" {
  name          = "test-user-name"
}

resource "minio_iam_policy" "test_policy" {
  name     = "test-policy"
  policy   = <<-EOF
      {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:*"
                ],
                "Resource": [
                    "arn:aws:s3:::test-bucket"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:*"
                ],
                "Resource": [
                    "arn:aws:s3:::test-bucket/*"
                ]
            }
        ]
      }
  EOF
}

resource "minio_iam_user_policy_attachment" "test_pol_at" {
  depends_on  = [resource.minio_iam_user.test_user, resource.minio_iam_policy.test_policy]
  user_name   = "test-user-name"
  policy_name = "test-policy"
}

resource "minio_iam_service_account" "test_sc" {
  depends_on  = [resource.minio_iam_user_policy_attachment.test_pol_at]
  target_user   = "test-user-name"
}

Expected behavior: The service account is created successfully without errors.

Actual behavior: The process fails with the error:

Reproduces how often: This issue occurs consistently on every run.

Versions

  • MinIO Provider: 3.2.2
  • MinIO Server: "RELEASE.2024-05-28T17-19-04Z"

Additional Information

  • Creating the service account manually through the MinIO interface and importing it into Terraform works without issues.
  • The problem occurs only when creating the service account via Terraform.
  • Verified that user and policy names do not contain leading or trailing spaces.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@horzone