Does anyone know what other permissions are required for an API token to create “Access Group(s)” on Cloudflare Zero Trust?
My current token permissions are:
But I’m still getting the following error when making an API request via tf code:
With tf code:
```hcl
resource "cloudflare_access_group" "device_enrollment_rules_tf" {
  # account_id = var.account_id
  name    = "Device Enrollment Rules TF"
  zone_id = var.cloudflare_zone_id

  include {
    github {
      identity_provider_id = cloudflare_access_identity_provider.github_oauth_cf_tf.id
      name                 = "My GitHub Org cf-tf"
    }
  }
}
```
But when I change the code to:
```hcl
resource "cloudflare_access_group" "device_enrollment_rules_tf" {
  # account_id = var.account_id
  name    = "Device Enrollment Rules TF"
  zone_id = var.cloudflare_zone_id

  include {
    email = ["[email protected]"]
  }
}
```
It is creating the access group successfully with the same token permissions^.
So, I’m confused now why it is failing when the following is added to the same block:
```hcl
include {
  github {
    identity_provider_id = cloudflare_access_identity_provider.github_oauth_cf_tf.id
    name                 = "My GitHub Org cf-tf"
  }
}
```
IDP is getting created successfully and my access identity provider file is:
```hcl
resource "cloudflare_access_identity_provider" "github_oauth_cf_tf" {
  account_id = var.account_id
  name       = "GitHub OAuth cf-tf"
  type       = "github"

  config {
    client_id     = var.github_oauth_client_id
    client_secret = var.github_oauth_client_secret
  }
}
```