oci_core_security_list - Destroy in TFSTATE without Verification, but not in tenancy #2229

Open
valterruas opened this issue Oct 22, 2024 · 0 comments

I have a user with the policy below, where he does not have permission to add/remove security-list.

 "Allow group XPTO to manage vcns in tenancy where ANY {request.operation = 'CreateNetworkSecurityGroup',request.operation = 'DeleteNetworkSecurityGroup'}"

The scenario is that if I try to create a security-list I get an error due to lack of permission and this is correct. However, if I try to remove a security-list the resource is removed in TFstate, but the resource is not deleted due to lack of permission in the tenancy.

It does not check if he has permission to remove, does not validate if the resource was actually deleted, and does not validate if there is a dependency that prevents the deletion of the resource.

@valterruas valterruas added the bug label Oct 22, 2024
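
A check for the mismatch reported above, added here as an example (it is not code from the issue author or from the provider project): it compares the state before and after a destroy against what the tenancy still lists, and flags security lists that left the state but are still live. It assumes the inputs are the parsed output of `terraform show -json` (taken before and after the run) and of `oci network security-list list`; the OCIDs, addresses and sample documents are constructed for illustration.

```python
SL_TYPE = "oci_core_security_list"

def state_ids(show_json, rtype=SL_TYPE):
    """Map OCID -> address for managed resources in `terraform show -json` output."""
    found = {}
    def walk(module):
        for res in module.get("resources", []):
            if res.get("type") == rtype and res.get("mode", "managed") == "managed":
                found[res["values"]["id"]] = res["address"]
        for child in module.get("child_modules", []):
            walk(child)
    # An empty state has no "values" key at all, so default every level.
    walk(show_json.get("values", {}).get("root_module", {}))
    return found

def orphaned(before, after, tenancy_listing):
    """Resources dropped from state that the tenancy still reports as live."""
    kept = state_ids(after)
    dropped = {o: a for o, a in state_ids(before).items() if o not in kept}
    live = {i["id"]: i.get("lifecycle-state") for i in tenancy_listing.get("data", [])
            if i.get("lifecycle-state") not in ("TERMINATING", "TERMINATED")}
    return sorted((addr, ocid, live[ocid]) for ocid, addr in dropped.items() if ocid in live)

# Constructed sample data (placeholder OCIDs, not real identifiers).
OCID_A = "ocid1.securitylist.oc1..exampleA"
OCID_B = "ocid1.securitylist.oc1..exampleB"
BEFORE = {"values": {"root_module": {
    "resources": [{"address": "oci_core_security_list.app", "mode": "managed",
                   "type": SL_TYPE, "values": {"id": OCID_A}}],
    "child_modules": [{"resources": [
        {"address": "module.net.oci_core_security_list.db", "mode": "managed",
         "type": SL_TYPE, "values": {"id": OCID_B}}]}]}}}
AFTER = {"format_version": "1.0"}  # state after the destroy: no resources left
TENANCY = {"data": [
    {"id": OCID_A, "display-name": "app", "lifecycle-state": "AVAILABLE"},   # delete was denied
    {"id": OCID_B, "display-name": "db", "lifecycle-state": "TERMINATED"}]}  # really deleted

if __name__ == "__main__":
    for addr, ocid, lifecycle in orphaned(BEFORE, AFTER, TENANCY):
        print(f"ORPHANED {addr} {ocid} still {lifecycle} in tenancy")
```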