Add extra example to ibm_iam_authorization_policy

[ocofaigh]

It took me a while to figure this out through trial and error, but I think adding the code snippet in https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy might help others.

Here is an example of how to create an s2s auth policy granting a COS instance reader access to a specific KMS key:

resource "ibm_iam_authorization_policy" "policy" {
  source_service_name         = "cloud-object-storage"
  source_resource_instance_id = "123456789" # replace with COS guid
  roles                       = ["Reader"]
  resource_attributes {
    name     = "serviceName"
    operator = "stringEquals"
    value    = "kms"
  }

  resource_attributes {
    name     = "accountId"
    operator = "stringEquals"
    value    = "123456789" # replace with KMS account ID
  }

  resource_attributes {
    name     = "serviceInstance"
    operator = "stringEquals"
    value    = "123456789" # replace with KMS instance guid
  }

  resource_attributes {
    name     = "resourceType"
    operator = "stringEquals"
    value    = "key"
  }

  resource_attributes {
    name     = "resource"
    operator = "stringEquals"
    value    = "123456789" # replace with KMS Key guid
  }
}

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

New or Affected Resource(s) or Datasource(s)

• ibm_iam_authorization_policy

Description

References

• #0000