diff --git a/ibm/resource_ibm_resource_key.go b/ibm/resource_ibm_resource_key.go index 5812adc43f..bb14badc2e 100644 --- a/ibm/resource_ibm_resource_key.go +++ b/ibm/resource_ibm_resource_key.go @@ -42,7 +42,7 @@ func resourceIBMResourceKey() *schema.Resource { "role": { Type: schema.TypeString, - Required: true, + Optional: true, ForceNew: true, Description: "Name of the user role.Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, Editor and Custom Roles.", // ValidateFunc: validateRole, @@ -195,7 +195,6 @@ func resourceIBMResourceKeyCreate(d *schema.ResourceData, meta interface{}) erro return err } name := d.Get("name").(string) - role := d.Get("role").(string) var instanceID, aliasID string if insID, ok := d.GetOk("resource_instance_id"); ok { @@ -240,19 +239,22 @@ func resourceIBMResourceKeyCreate(d *schema.ResourceData, meta interface{}) erro if err != nil { return fmt.Errorf("Error creating resource key when get service: %s", err) } - serviceRole, err := getRoleFromName(role, service.Name, meta) - if err != nil { - return fmt.Errorf("Error creating resource key when get role: %s", err) - } - - keyParameters.SetProperty("role_crn", serviceRole.RoleID) resourceKeyCreate := rc.CreateResourceKeyOptions{ Name: &name, Source: sourceCRN, - Role: serviceRole.RoleID, Parameters: &keyParameters, } + if r, ok := d.GetOk("role"); ok { + role := r.(string) + serviceRole, err := getRoleFromName(role, service.Name, meta) + if err != nil { + return fmt.Errorf("Error creating resource key when get role: %s", err) + } + keyParameters.SetProperty("role_crn", serviceRole.RoleID) + resourceKeyCreate.Role = serviceRole.RoleID + } + resourceKey, resp, err := rsContClient.CreateResourceKey(&resourceKeyCreate) if err != nil { return fmt.Errorf("Error creating resource key: %s with resp code: %s", err, resp) diff --git a/ibm/resource_ibm_resource_key_test.go b/ibm/resource_ibm_resource_key_test.go index ecea48842e..46bd4c21a3 100644 --- a/ibm/resource_ibm_resource_key_test.go +++ b/ibm/resource_ibm_resource_key_test.go @@ -95,7 +95,7 @@ func TestAccIBMResourceKey_Parameters(t *testing.T) { }) } -func TestAccIBMResourceKeyWithCustomRole(t *testing.T) { +func TestAccIBMResourceKey_WithCustomRole(t *testing.T) { resourceName := fmt.Sprintf("tf-cos-%d", acctest.RandIntRange(10, 100)) resourceKey := fmt.Sprintf("tf-cos-%d", acctest.RandIntRange(10, 100)) crName := fmt.Sprintf("Name%d", acctest.RandIntRange(10, 100)) @@ -112,7 +112,7 @@ func TestAccIBMResourceKeyWithCustomRole(t *testing.T) { testAccCheckIBMResourceKeyExists("ibm_resource_key.resourceKey"), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "name", resourceKey), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "credentials.%", "7"), - resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "role", crName), + resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "role", displayName), ), }, }, diff --git a/website/docs/r/resource_key.html.markdown b/website/docs/r/resource_key.html.markdown index d061ec565a..59a56fbb3f 100644 --- a/website/docs/r/resource_key.html.markdown +++ b/website/docs/r/resource_key.html.markdown @@ -137,7 +137,7 @@ Review the argument references that you can specify for your resource. - `name` - (Required, Forces new resource, String) A descriptive name used to identify a resource key. - `parameters` (Optional, Map) Arbitrary parameters to pass to the resource in JSON format. If you want to create service credentials by using the private service endpoint, include the `service-endpoints = "private"` parameter. -- `role` - (Required, Forces new resource, String) The name of the user role. Valid roles are `Writer`, `Reader`, `Manager`, `Administrator`, `Operator`, `Viewer`, and `Editor`. +- `role` - (Optional, Forces new resource, String) The name of the user role. Valid roles are `Writer`, `Reader`, `Manager`, `Administrator`, `Operator`, `Viewer`, and `Editor`. This argument is Optional only during creation of service credentials for Cloud Databases and other non-IAM-enabled services and is Required for all other IAM-enabled services. - `resource_instance_id` - (Optional, Forces new resource, String) The ID of the resource instance associated with the resource key. **Note** Conflicts with `resource_alias_id`. - `resource_alias_id` - (Optional, Forces new resource, String) The ID of the resource alias associated with the resource key. **Note** Conflicts with `resource_instance_id`. - `tags` (Optional, Array of strings) Tags associated with the resource key instance. **Note** Tags are managed locally and not stored on the IBM Cloud Service Endpoint at this moment.