Not able to manage users in project with project admin role permissions using terraform.

[Prakashreddy134]

Hi Team,

I am trying to manage users in artifactory project and i have project admin role permissions but not able to apply changes using terraform.

Here is the script :

resource "project" "mypro" {
    block_deployments_on_limit = false      
    description                = "My Project"
    display_name               = "dev-test"
    email_notification         = true        
    key                        = "dev001"
    max_storage_in_gibibytes   = 1
    lifecycle {
      ignore_changes = [
          repos
      ]
    }
    admin_privileges {
        index_resources  = true
        manage_members   = true
        manage_resources = true
    }
    member {
        name  = "prakash"
        roles = [
            "Project Admin",
        ]
    }
    member {
        name  = "user1"
        roles = [
            "Viewer",
        ]
    }
    member {
        name  = "user2"
        roles = [
            "Viewer",
        ]
    }
}

Here is the error i am getting while performing terraform apply

"project.mypro: Creating...
╷
│ Error:
│ 403 POST https://prakashrd.jfrog.io/access/api/v1/projects
│ {
│   "errors" : [ {
│     "code" : "FORBIDDEN",
│     "message" : "Logged in 'prakash' is not an admin."
│   } ]
│ }
│
│   with project.mypro,
│   on main.tf line 39, in resource "project" "mypro":
│   39: resource "project" "mypro" {
│
╵"

Please help me is there any solution to skip this error and I can't get admin role for entire org if required.

Thanks in advance.

[alexhung]

@Prakashreddy134 From the error message, it looks like this is the first time you are creating this project on Artifactory? In order to create a project, it requires a user assigned with the 'Administer the Platform' role. See https://jfrog.com/help/r/jfrog-rest-apis/add-a-new-project

[Prakashreddy134]

@alexhung No, I am doing this task for existing project and i imported project terraform import and performing updates. I don't have Administer the Platform role and I have a project admin role only, is there any solution with out 'Administer the Platform' role.

[chb0github]

Can you manually do this through the UI @Prakashreddy134 ? Using the provider doesn't grant anything special. If you can't do it through the UI, then you need to talk to your platform admin.

If you can do it through the UI, then it may be an actual bug with artifactory which would be outside the scope of this team (happy to direct you though). Please report back

[Prakashreddy134]

@chb0github I am able to do manually through the UI but my requirement is to perform this through terraform with project admin role. is this possible?

[alexhung]

@Prakashreddy134 Does the token for the provider you are using have admin_privileges.manage_resoures permission (see https://jfrog.com/help/r/jfrog-rest-apis/update-user-in-project)?

[chb0github]

You know, I didn't think of that, but the token you have could be restricted. That would explain it. I second @alexhung

[alexhung]

Closing due to inactivity.